[2025-12-10 19:41:42.445] [DEBUG] [tid:138035844867776] (main_cnn.cpp:334) 启动 cnn预测及训练! [2025-12-10 19:41:42.447] [ERROR] [tid:138035844867776] (KafkaConsumer.cpp:173) Created consumer rdkafka#consumer-2 [2025-12-10 19:41:42.447] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:453) subscribe successed: Success [2025-12-10 19:42:22.494] [ERROR] [tid:138035844867776] (KafkaConsumer.cpp:89) RebalanceCb: Local: Assign partitions: [2025-12-10 19:42:22.494] [ERROR] [tid:138035844867776] (KafkaConsumer.cpp:79) analyzed_queue_cnn[0], [2025-12-10 19:42:22.494] [ERROR] [tid:138035844867776] (KafkaConsumer.cpp:79) analyzed_queue_cnn[1], [2025-12-10 19:42:22.494] [ERROR] [tid:138035844867776] (KafkaConsumer.cpp:79) analyzed_queue_cnn[2], [2025-12-10 20:21:52.051] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25091 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765360664.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765360664.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3f2e7c7ddd0814cd409cba1a46dded75f48a34ba5d29b195c729a32e4d864a70&X-Amz-Date=20251210T122151Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 20:21:52.051] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:21:52.051] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:21:54.876] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:21:54.876] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:21:54.876] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:21:54.877] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:21:54.881] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765360664.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398114881, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:21:54.881] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:21:57.223] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25092 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765348050.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765348050.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4c25f9be2340824ac1e78c039e717795a7dc27c909060275e6b527992113f54d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T122157Z&X-Amz-SignedHeaders=host"} [2025-12-10 20:21:57.223] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:21:57.223] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:21:57.223] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:21:57.223] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:21:57.223] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:21:57.224] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:21:57.227] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765348050.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398117227, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:21:57.227] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:01.558] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26340 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765346248.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765346248.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T122201Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=334f23e2edf688f4dce042f32050543e0aceeffd47b57fe3eef149fdb729f516&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 20:22:01.558] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:01.558] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:01.558] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:01.559] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:01.559] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:01.559] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:01.562] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765346248.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398121562, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:01.562] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:02.972] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24687 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765351654.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765351654.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T122202Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6aeaec4a33384321d5b14724b43efe865e844a423264cfc8ae356a8433394173"} [2025-12-10 20:22:02.972] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:02.972] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:02.972] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:02.972] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:02.972] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:02.972] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:02.975] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765351654.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398122975, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:02.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:04.213] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25093 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.13.1765266097.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.13.1765266097.jsonl?X-Amz-Date=20251210T122204Z&X-Amz-Signature=341530480e8c41444ed0539329603ef9f6194a3531be17a9ddb8913be234974c&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 20:22:04.213] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:04.213] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:04.213] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:04.213] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:04.213] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:04.214] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:05.366] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.13.1765266097.jsonl|result:{"code": 0, "total_count": 13, "abnormal_count": 0, "normal_count": 13, "alert_count": 0, "timestamp": 1765398125365, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765266102275032, "etime": 1765266102275032, "src_ip": "120.241.86.8", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 62114, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103663716, "etime": 1765266103663716, "src_ip": "180.163.247.134", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 64313, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103195623, "etime": 1765266103195623, "src_ip": "106.11.23.118", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 63113, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103629617, "etime": 1765266103629617, "src_ip": "183.240.240.35", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 64234, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103300336, "etime": 1765266103300336, "src_ip": "10.1.166.121", "dest_ip": "10.9.9.12", "src_port": 63526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103439065, "etime": 1765266103439065, "src_ip": "183.240.60.138", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 63815, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103300274, "etime": 1765266103300274, "src_ip": "10.1.166.121", "dest_ip": "10.9.9.12", "src_port": 63525, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103281666, "etime": 1765266103281666, "src_ip": "150.171.27.11", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 63485, "protocol": "tls", "result": "Normal"}, {"stime": 1765266101804321, "etime": 1765266101804321, "src_ip": "120.240.138.38", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61750, "protocol": "tls", "result": "Normal"}, {"stime": 1765266101783185, "etime": 1765266101783185, "src_ip": "20.3.187.198", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61677, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103210658, "etime": 1765266103210658, "src_ip": "111.63.205.165", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 63221, "protocol": "tls", "result": "Normal"}, {"stime": 1765266103608983, "etime": 1765266103608983, "src_ip": "120.233.148.79", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 64030, "protocol": "tls", "result": "Normal"}, {"stime": 1765266102022694, "etime": 1765266102022694, "src_ip": "183.240.98.194", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61994, "protocol": "tls", "result": "Normal"}]} [2025-12-10 20:22:05.366] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:05.724] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24688 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765359763.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765359763.jsonl?X-Amz-Signature=9519825c1f20b11358dce4e5266bef6950808569d561858c138248e771fbcf3d&X-Amz-Expires=604800&X-Amz-Date=20251210T122205Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 20:22:05.724] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:05.724] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:05.725] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:05.725] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:05.725] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:05.725] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:05.728] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765359763.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398125727, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:05.728] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:13.569] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24689 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765347149.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765347149.jsonl?X-Amz-Signature=537feea794967acf84ca0fc94b0de47614c14eb425b39895028bf272628cd067&X-Amz-Date=20251210T122213Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 20:22:13.570] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:13.570] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:13.570] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:13.570] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:13.570] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:13.571] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:13.578] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765347149.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398133578, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:13.578] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:14.230] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25094 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765357961.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765357961.jsonl?X-Amz-Signature=e9cd4cb4b3441ed63508fd90c88097e19a86d11c26cddcbd13685b26dd9e4706&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T122214Z&X-Amz-Expires=604800"} [2025-12-10 20:22:14.230] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:14.230] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:14.230] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:14.230] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:14.230] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:14.230] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:14.233] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765357961.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398134233, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:14.233] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:15.074] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24690 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765355258.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765355258.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T122215Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0d1c34501260a53a357e2cfb6c25598122273db83f73cf6793a4be9dd8c363b5"} [2025-12-10 20:22:15.074] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:15.074] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:15.074] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:15.074] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:15.074] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:15.075] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:15.077] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765355258.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398135077, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:15.077] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:15.748] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26341 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765350753.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765350753.jsonl?X-Amz-Date=20251210T122215Z&X-Amz-Signature=3702529c28daabed33411c1eb8f9c82fe214bc8bd646da6f937473e78b5ae122&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 20:22:15.748] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:15.748] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:15.748] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:15.748] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:15.748] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:15.748] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:15.751] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765350753.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398135751, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:15.751] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:16.325] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25095 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765348951.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765348951.jsonl?X-Amz-Expires=604800&X-Amz-Signature=f00f2f9a85dcad5f50e4a150556cd3ac94eea52dc5e59467832cbb10cad64ca8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T122216Z&X-Amz-SignedHeaders=host"} [2025-12-10 20:22:16.325] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:16.325] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:16.325] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:16.325] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:16.325] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:16.325] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:16.328] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765348951.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398136328, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:16.328] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:16.844] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26342 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765354357.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765354357.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3b39c6b3f5e3bbc6d30db91c4cb30d97e742610def6a70fbb2e1f1d6a740b3e5&X-Amz-Date=20251210T122216Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 20:22:16.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:16.844] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:16.844] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:16.844] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:16.844] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:16.844] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:16.848] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765354357.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398136848, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:16.848] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:17.390] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24691 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765352555.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765352555.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0ac86d259f3edd7be75884be7522cebc92e00bbf4085d5741bc861fcfdfe7378&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T122217Z&X-Amz-SignedHeaders=host"} [2025-12-10 20:22:17.390] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:17.390] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:17.390] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:17.390] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:17.390] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:17.390] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:17.393] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765352555.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398137393, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:17.393] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:17.925] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26343 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765349852.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765349852.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=17a115caf0530c9244dff70e9da1c88a4045ff2f4d431984d648e18229ebc4c3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T122217Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 20:22:17.925] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:17.925] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:17.925] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:17.925] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:17.925] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:17.926] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:17.928] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765349852.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398137928, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:17.928] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:18.484] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26344 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765353456.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765353456.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T122218Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=2f11e4fd2a68218836af1405f5306f00f4e60589d644e78c6130b2ec7959a00c"} [2025-12-10 20:22:18.484] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:18.484] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:18.484] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:18.484] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:18.484] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:18.485] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:18.492] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765353456.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398138491, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:18.492] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:19.008] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25096 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765358862.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765358862.jsonl?X-Amz-Signature=f0920cbfc6857319105c84327b00fad6600e261da0a9d2d8e1f0b941d285b046&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T122219Z&X-Amz-SignedHeaders=host"} [2025-12-10 20:22:19.008] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:19.008] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:19.009] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:19.009] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:19.009] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:19.009] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:19.014] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765358862.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398139013, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:19.014] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:19.583] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24692 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765356159.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765356159.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T122219Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8a81c5cbeb0c178ef84513ac445c44da97a6d50e505886c17da1f190fd3aba4f&X-Amz-Expires=604800"} [2025-12-10 20:22:19.583] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:19.583] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:19.583] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:19.583] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:19.583] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:19.584] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:19.586] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765356159.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398139586, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:19.586] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-10 20:22:20.256] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25097 key: NULL payload: {"bucket":"2025-12-10","object":"20/output/cnn/alert.pcap.9.1765357060.jsonl","url":"http://111.32.12.11:9000/2025-12-10/20/output/cnn/alert.pcap.9.1765357060.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T122220Z&X-Amz-Signature=5acdb127eff4a77d324fd85e94836d758888d3efabe31c8ad9c33666909d3189"} [2025-12-10 20:22:20.256] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-10 20:22:20.256] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-10 20:22:20.256] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-10 20:22:20.256] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-10 20:22:20.256] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-10 20:22:20.256] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-10 20:22:20.259] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-10|object:20/output/cnn/alert.pcap.9.1765357060.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765398140259, "module": "anquanchu", "alerted": false, "details": []} [2025-12-10 20:22:20.259] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:14:28.550] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24693 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.10.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.10.17610986930914.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T011427Z&X-Amz-Signature=b99fa09296b8f73507a6686e31903aa719deff2cc28a15d062c5898fc54513dd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:14:28.550] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:28.550] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:28.551] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:28.551] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:28.551] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:28.553] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:29.878] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.10.17610986930914.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765444469878, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:29.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 09:14:29.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:29.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:31.693] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26345 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.11.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.11.17610986930914.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=93003bdb55beea93c1554b02f74766a17e3e396b76529d5699543e9b0f0deef7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T011431Z"} [2025-12-11 09:14:31.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:31.693] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:31.693] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:31.693] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:31.693] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:31.694] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:33.105] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.11.17610986930914.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765444473104, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:33.105] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:14:33.105] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:33.105] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:34.856] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25098 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.1.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.1.17610986930914.jsonl?X-Amz-Signature=8ed5f7f00523154d5c0034f90ac2b7bf856e89983110b31a90a069e5f49c4ffe&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011434Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 09:14:34.856] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:34.856] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:34.856] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:34.856] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:34.856] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:34.856] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:36.491] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.1.17610986930914.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765444476491, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:36.492] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:14:36.492] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:36.492] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:38.070] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26346 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.12.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.12.17610986930914.jsonl?X-Amz-Date=20251211T011437Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=27da6ecf53b3bfa12c2be3005578e0294ca5d7f58130255ad4eeff370b49d2c2"} [2025-12-11 09:14:38.070] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:38.070] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:38.070] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:38.070] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:38.070] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:38.071] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:39.693] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.12.17610986930914.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765444479692, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:39.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:14:39.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:39.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:41.240] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26347 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.13.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.13.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T011440Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3a06de19831716f04cb689504baf3a46b346ea5d131deb310422fbec64d7f3e2"} [2025-12-11 09:14:41.240] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:41.240] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:41.240] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:41.240] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:41.240] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:41.241] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:42.997] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.13.17610986930914.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765444482997, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:42.997] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:14:42.997] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:42.997] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:44.619] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25099 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.14.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.14.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011444Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ec394b7e675b8a4610c3fb515a443be260b0f27281d46a7bdb3afd6e05d89c3a"} [2025-12-11 09:14:44.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:44.619] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:44.619] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:44.619] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:44.619] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:44.620] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:46.202] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.14.17610986930914.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765444486202, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:46.202] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:14:46.202] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:46.202] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:47.760] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24694 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.15.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.15.17610986930914.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011447Z&X-Amz-Signature=6beb7b356096cbd1b647e573e92bf78ccf0552ce1a463f90506730dae0bc26a5"} [2025-12-11 09:14:47.760] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:47.760] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:47.760] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:47.760] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:47.760] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:47.761] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:49.241] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.15.17610986930914.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765444489241, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:49.241] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:14:49.241] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:49.241] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:51.134] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26348 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.16.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.16.17610986930914.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011450Z&X-Amz-Expires=604800&X-Amz-Signature=06bd3f8fe20bb1c8b1ed8c7c777ee72c68eff7e53b727768bbefc1e2c4c38b07&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 09:14:51.135] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:51.135] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:51.135] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:51.135] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:51.135] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:51.136] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:52.949] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.16.17610986930914.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765444492948, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:52.949] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:14:52.949] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:52.949] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:54.590] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25100 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.17.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.17.17610986930914.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T011454Z&X-Amz-Signature=c757427c1fc5154e721e00139a171087483c9d1c607a194649b3bd740a0617e3&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 09:14:54.590] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:54.590] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:54.590] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:54.590] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:54.590] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:54.590] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:55.878] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.17.17610986930914.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765444495878, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:55.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 09:14:55.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:55.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:14:57.727] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24695 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.18.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.18.17610986930914.jsonl?X-Amz-Signature=2db208959252fce5eb180a8c25500cebdabde5bb53af11bc9abdcf828c8f17b0&X-Amz-Date=20251211T011457Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 09:14:57.727] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:14:57.727] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:14:57.727] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:14:57.727] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:14:57.727] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:14:57.728] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:14:59.070] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.18.17610986930914.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765444499069, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:14:59.070] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:14:59.070] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:14:59.070] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:00.893] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25101 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.19.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.19.17610986930914.jsonl?X-Amz-Date=20251211T011500Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=eb549fcbb5b476cd31e54f158a36006ddd7739688a4fca02aa9e6cf4de3d3aeb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 09:15:00.893] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:00.893] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:00.893] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:00.893] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:00.893] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:00.894] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:02.105] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.19.17610986930914.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765444502104, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:02.105] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:15:02.105] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:02.105] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:04.075] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25102 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.20.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.20.17610986930914.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T011503Z&X-Amz-Signature=1458e078ae86539d49f36d9e95cb1eb5d404350bb621f0784b7814dd288da893&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 09:15:04.076] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:04.076] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:04.076] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:04.076] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:04.076] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:04.076] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:05.293] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.20.17610986930914.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765444505292, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:05.293] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:15:05.293] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:05.293] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:07.212] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25103 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.21.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.21.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=39dd5a30f40079852ccb49426f3443c051ad4fe6db24c9139e6cea4274688d79&X-Amz-Date=20251211T011506Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 09:15:07.212] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:07.212] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:07.212] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:07.212] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:07.212] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:07.213] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:08.645] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.21.17610986930914.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765444508644, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:08.645] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:15:10.413] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24696 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.2.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.2.17610986930914.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f471ca26093e305cc015d53b9f38142924c6889cd6d5144dae20ae4faf0b69ab&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011510Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:15:10.413] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:10.413] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:10.414] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:10.414] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:10.414] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:10.414] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:12.318] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.2.17610986930914.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765444512317, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:12.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:15:12.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:12.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:13.910] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25104 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.22.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.22.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6e49539b8ae1c6dbe644e2c94b435d20cd5c35b9589cb771d0473025dfbb735d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T011513Z"} [2025-12-11 09:15:13.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:13.910] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:13.910] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:13.910] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:13.910] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:13.910] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:15.186] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.22.17610986930914.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765444515186, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 09:15:15.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:15:15.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:15.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:17.754] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26349 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.23.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.23.17610986930914.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=c60af2abefbd6da9b86f3bfd16538f9d5d1a40e21602e1213a2330f3b3f653b5&X-Amz-Expires=604800&X-Amz-Date=20251211T011517Z"} [2025-12-11 09:15:17.755] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:17.755] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:17.755] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:17.755] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:17.755] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:17.755] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:19.265] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.23.17610986930914.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765444519264, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:19.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:15:19.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:19.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:20.991] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24697 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.24.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.24.17610986930914.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T011520Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b50510f531640a90722b1954127bd60f3ff267b38b660e5bdba3fb982cca60ee&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:15:20.991] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:20.991] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:20.992] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:20.992] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:20.992] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:20.992] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:22.265] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.24.17610986930914.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765444522264, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:22.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:15:22.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:22.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:24.407] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26350 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.25.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.25.17610986930914.jsonl?X-Amz-Signature=5846376b3a5fe230612b5db03a9df3e812f985eba57c2eae5d7f6d742e4dd461&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T011523Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 09:15:24.407] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:24.407] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:24.408] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:24.408] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:24.408] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:24.409] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:25.687] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.25.17610986930914.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765444525686, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:25.687] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:15:25.687] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:25.687] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:27.647] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25105 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.26.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.26.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011527Z&X-Amz-Signature=8b1b3060f951167230cdd5994a670f065e575c77564dfadeb7caa0acb3105e75"} [2025-12-11 09:15:27.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:27.647] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:27.647] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:27.647] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:27.647] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:27.647] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:29.290] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.26.17610986930914.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765444529289, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 09:15:29.290] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:15:29.290] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:29.291] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:30.870] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24698 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.3.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.3.17610986930914.jsonl?X-Amz-Signature=9298965e7778d1683ffae4260bcec7e3f11913a3053caa27779cad85d61f5f0d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T011530Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 09:15:30.870] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:30.870] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:30.870] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:30.870] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:30.870] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:30.871] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:33.071] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.3.17610986930914.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765444533070, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:33.071] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 09:15:33.071] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:33.071] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:34.018] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26351 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.4.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.4.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=505c3acaeb51494632b0f71c3ffb1f75a1e694377b87974f166b801862e563a2&X-Amz-Date=20251211T011533Z"} [2025-12-11 09:15:34.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:34.018] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:34.019] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:34.019] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:34.019] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:34.019] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:35.154] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.4.17610986930914.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765444535153, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:35.154] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:15:37.537] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26352 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.5.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.5.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0b34483b08cf44f170de8d9494e8ae7c70fc316546b359c7861becdcd67db3f2&X-Amz-Date=20251211T011537Z&X-Amz-Expires=604800"} [2025-12-11 09:15:37.537] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:37.537] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:37.537] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:37.537] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:37.537] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:37.538] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:38.912] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.5.17610986930914.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765444538911, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:38.912] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 09:15:38.912] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:38.912] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:40.677] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25106 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.6.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.6.17610986930914.jsonl?X-Amz-Signature=9b6ed013ca1ceb4647fe5a3242959e31f912afaba8bdce8280d1a43438437f23&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T011540Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:15:40.677] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:40.677] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:40.677] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:40.677] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:40.677] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:40.678] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:41.611] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.6.17610986930914.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765444541610, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 09:15:41.611] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:15:41.611] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:41.611] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:43.898] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25107 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.7.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.7.17610986930914.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T011543Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=42ebad45eb9111abc75f526250529c6a5aec9995be5c0cb598fbc74b153c1be6"} [2025-12-11 09:15:43.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:43.898] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:43.898] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:43.898] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:43.898] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:43.899] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:45.194] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.7.17610986930914.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765444545194, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:45.194] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:15:45.194] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:45.195] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:47.085] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25108 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.8.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.8.17610986930914.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T011546Z&X-Amz-SignedHeaders=host&X-Amz-Signature=cfc0f90a7bd69720a2adbce79a4b0c122dbcf4ec035c1648619c2a5d7afafe3f"} [2025-12-11 09:15:47.085] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:47.085] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:47.085] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:47.085] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:47.085] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:47.086] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:48.476] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.8.17610986930914.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765444548475, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:48.476] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:15:48.476] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:48.476] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:15:50.278] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24699 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.17610986930914.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.17610986930914.jsonl?X-Amz-Date=20251211T011549Z&X-Amz-Signature=277c3e586e4e5adb630376fd8b64e1744a89ecfb85b8d464ccb5eadb1e278fad&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 09:15:50.278] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:15:50.278] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:15:50.279] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:15:50.279] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:15:50.279] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:15:50.279] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:15:51.607] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.17610986930914.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765444551606, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:15:51.607] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:15:51.607] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:15:51.607] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:10.331] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24700 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.10.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.10.17610986930920.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a4be79ce27ac9b92e6558cf374bf943edcbdaee163184f011183a7278fbe4672&X-Amz-Date=20251211T012010Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 09:20:10.331] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:10.331] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:10.331] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:10.331] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:10.331] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:10.332] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:11.666] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.10.17610986930920.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765444811665, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 09:20:11.666] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 09:20:11.666] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:11.666] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:13.483] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26353 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.11.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.11.17610986930920.jsonl?X-Amz-Date=20251211T012013Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7428958f62af88a948c80f488265a3f099491b289537ad60c40730a166f7e2c7"} [2025-12-11 09:20:13.483] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:13.483] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:13.484] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:13.484] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:13.484] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:13.484] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:14.904] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.11.17610986930920.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765444814903, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:14.904] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:20:14.904] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:14.904] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:16.667] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25109 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.1.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.1.17610986930920.jsonl?X-Amz-Date=20251211T012016Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=caeec8d335c0b6da36d2f09d06eaa0ab7040f015a7538f2e5bb0a5cc6ac824a7"} [2025-12-11 09:20:16.667] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:16.667] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:16.667] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:16.667] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:16.668] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:16.668] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:18.310] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.1.17610986930920.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765444818309, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:18.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:20:18.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:18.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:19.884] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24701 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.12.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.12.17610986930920.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T012019Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=34853a8e2cf449acfe33553d2937763d5cb8001459408c51b8402a6494c42f85"} [2025-12-11 09:20:19.884] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:19.884] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:19.884] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:19.884] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:19.884] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:19.885] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:21.536] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.12.17610986930920.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765444821535, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:21.536] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:20:21.536] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:21.536] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:23.040] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24702 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.13.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.13.17610986930920.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T012022Z&X-Amz-Signature=3d2bb3bd8d369e81a9f11c07960c5045d21a005ac266be5e808a58681f3b465d"} [2025-12-11 09:20:23.040] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:23.040] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:23.040] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:23.040] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:23.040] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:23.041] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:24.820] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.13.17610986930920.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765444824819, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:24.820] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:20:24.820] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:24.820] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:26.449] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24703 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.14.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.14.17610986930920.jsonl?X-Amz-Expires=604800&X-Amz-Signature=fa781455873838e84f0bf1f27ef74db6abfb4b94a552a06db4d28fdb447b9350&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T012026Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:20:26.449] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:26.449] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:26.449] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:26.449] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:26.449] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:26.450] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:28.019] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.14.17610986930920.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765444828018, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 09:20:28.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:20:28.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:28.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:29.572] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25110 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.15.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.15.17610986930920.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3c4c56aa69292994284bc3ea893d00317c07b3030eb1e8f28a674a92c57d49f5&X-Amz-Date=20251211T012029Z"} [2025-12-11 09:20:29.572] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:29.572] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:29.572] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:29.572] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:29.572] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:29.573] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:31.029] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.15.17610986930920.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765444831029, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:31.030] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:20:31.030] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:31.030] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:32.937] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26354 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.16.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.16.17610986930920.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=c1b885da2e840a77eff7ca356e5b14be0b2c60032613d9e9256df8542fec3ec5&X-Amz-Expires=604800&X-Amz-Date=20251211T012032Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 09:20:32.937] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:32.937] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:32.937] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:32.937] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:32.937] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:32.938] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:34.832] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.16.17610986930920.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765444834831, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:34.832] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:20:34.832] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:34.833] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:36.318] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24704 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.17.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.17.17610986930920.jsonl?X-Amz-Date=20251211T012035Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fb1347e989839171ea26a3339496e8429030c0ac9011fe2e7430d2b960e267b9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 09:20:36.319] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:36.319] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:36.319] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:36.319] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:36.319] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:36.320] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:37.559] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.17.17610986930920.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765444837558, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:37.559] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 09:20:37.559] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:37.559] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:39.445] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25111 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.18.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.18.17610986930920.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=508296b30bd7ef7ce447c9bb2b837fbda4bff7b49e4059f244352fd1a8ea6ea6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T012039Z"} [2025-12-11 09:20:39.445] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:39.445] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:39.445] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:39.445] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:39.445] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:39.445] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:40.796] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.18.17610986930920.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765444840795, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:40.796] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:20:40.796] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:40.796] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:42.589] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26355 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.19.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.19.17610986930920.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T012042Z&X-Amz-Signature=a5d612462c4fbe541b53c190665a125af22f3d9413a1a0aed29bec867437c35e"} [2025-12-11 09:20:42.590] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:42.590] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:42.590] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:42.590] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:42.590] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:42.590] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:43.801] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.19.17610986930920.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765444843800, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:43.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:20:43.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:43.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:45.792] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24705 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.20.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.20.17610986930920.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ff8e9aceb50c6582e3b0553cbc2f28246ce2bbd06e4ebcf5208bafe5038f2846&X-Amz-Date=20251211T012045Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 09:20:45.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:45.792] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:45.792] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:45.792] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:45.792] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:45.793] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:47.001] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.20.17610986930920.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765444847000, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:47.001] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:20:47.001] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:47.001] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:48.926] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25112 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.21.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.21.17610986930920.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T012048Z&X-Amz-Signature=e5e8d89c5c4f7ffd7f2b61daff9127d1a6daf0eb1de803c32b42e6631e729665&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:20:48.926] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:48.926] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:48.926] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:48.926] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:48.926] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:48.926] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:50.342] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.21.17610986930920.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765444850341, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:50.342] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:20:52.123] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24706 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.2.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.2.17610986930920.jsonl?X-Amz-Date=20251211T012051Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8ac14ab5f94306f302e0d108502962afab54f077644268a7dfc7a2f3babfd13f&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 09:20:52.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:52.123] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:52.123] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:52.123] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:52.123] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:52.124] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:54.050] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.2.17610986930920.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765444854048, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:54.050] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:20:54.050] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:54.050] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:55.656] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24707 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.22.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.22.17610986930920.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=735cf00de1f5fa0ee531c0b04953787c6ebb19d1fe9d718d1f15814c7e0fe3e7&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T012055Z"} [2025-12-11 09:20:55.656] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:55.656] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:55.656] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:55.656] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:55.656] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:55.657] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:20:57.082] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.22.17610986930920.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765444857081, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:20:57.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:20:57.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:20:57.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:20:59.510] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24708 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.23.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.23.17610986930920.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T012059Z&X-Amz-Signature=805bb283e31dcdaa654dfada93e1cae51bb875bb60daed5b5801181627b5a65b"} [2025-12-11 09:20:59.510] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:20:59.510] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:20:59.510] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:20:59.510] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:20:59.510] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:20:59.511] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:01.032] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.23.17610986930920.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765444861031, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:01.032] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:21:01.032] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:01.032] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:02.759] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25113 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.24.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.24.17610986930920.jsonl?X-Amz-Date=20251211T012102Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6bcf2b443bf295fdf580222f45d01920e98ff678dab93da0d4eaf48b8f73c9d3"} [2025-12-11 09:21:02.759] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:02.759] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:02.759] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:02.759] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:02.759] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:02.760] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:04.008] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.24.17610986930920.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765444864008, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:04.008] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:21:04.008] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:04.008] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:06.173] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24709 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.25.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.25.17610986930920.jsonl?X-Amz-Date=20251211T012105Z&X-Amz-Expires=604800&X-Amz-Signature=fb62dd819678155f0fb1f7a8149460614261e1d8b43e2cdf3b99e80c7c65bfe2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:21:06.173] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:06.173] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:06.173] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:06.173] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:06.173] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:06.174] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:07.469] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.25.17610986930920.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765444867468, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:07.469] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:21:07.469] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:07.469] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:09.417] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24710 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.26.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.26.17610986930920.jsonl?X-Amz-Signature=32f49830489ffb11f4525a71e0ef3b072475d7059d2ac47b929e4b9e395c2770&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T012108Z&X-Amz-Expires=604800"} [2025-12-11 09:21:09.417] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:09.417] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:09.417] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:09.417] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:09.417] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:09.417] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:11.057] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.26.17610986930920.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765444871056, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:11.057] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:21:11.057] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:11.057] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:12.635] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24711 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.3.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.3.17610986930920.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T012112Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=94013cc34b97f2e8df5bb2d6d48cd0b4610fec9a6619e31b4fe6d2bd52ea03cf"} [2025-12-11 09:21:12.635] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:12.635] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:12.636] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:12.636] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:12.636] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:12.637] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:14.813] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.3.17610986930920.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765444874812, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:14.813] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 09:21:14.813] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:14.813] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:15.765] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25114 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.4.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.4.17610986930920.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T012115Z&X-Amz-Signature=7fee29da60b0f0c8228efb5f332d351b3359c826fc246845f2ca784bd5e10aae&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 09:21:15.765] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:15.765] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:15.765] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:15.765] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:15.765] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:15.795] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:16.929] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.4.17610986930920.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765444876928, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:16.929] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:21:19.291] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26356 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.5.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.5.17610986930920.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T012118Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8e204e469ff9d81fa5464c36bbedd5cbfcdc37c4165cb754620bb8b08be25284"} [2025-12-11 09:21:19.291] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:19.291] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:19.291] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:19.291] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:19.291] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:19.292] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:20.661] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.5.17610986930920.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765444880661, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 09:21:20.662] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 09:21:20.662] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:20.662] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:22.434] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26357 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.6.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.6.17610986930920.jsonl?X-Amz-Date=20251211T012122Z&X-Amz-Signature=90dc948ba5090b77487f7c56e25a28c2ab90f7ab84349d22e23b6c0ec2f82df3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 09:21:22.435] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:22.435] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:22.435] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:22.435] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:22.435] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:22.436] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:23.356] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.6.17610986930920.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765444883355, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:23.356] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:21:23.356] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:23.356] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:25.658] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26358 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.7.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.7.17610986930920.jsonl?X-Amz-Date=20251211T012125Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=db89ffc70347c3f0637cb5252197abd8c3246fc9f39233ade7eb423719e89351&X-Amz-SignedHeaders=host"} [2025-12-11 09:21:25.658] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:25.658] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:25.658] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:25.658] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:25.658] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:25.659] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:26.879] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.7.17610986930920.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765444886878, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:26.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:21:26.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:26.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:28.869] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24712 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.8.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.8.17610986930920.jsonl?X-Amz-Expires=604800&X-Amz-Signature=74f54e9dbd257e9ddd10dfd2a6913734932d3b40d36eaa4bb3c86dbe78f83ab1&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T012128Z"} [2025-12-11 09:21:28.870] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:28.870] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:28.870] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:28.870] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:28.870] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:28.871] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:30.229] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.8.17610986930920.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765444890228, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:30.229] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:21:30.229] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:30.229] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:32.085] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24713 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.17610986930920.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.17610986930920.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T012131Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b3e2cf562f8f4fd9c65a6fc4976f61d7cf5627385af65d4065618e84bd33054b"} [2025-12-11 09:21:32.085] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:32.085] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:32.085] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:32.085] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:32.085] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:32.086] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:33.430] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.17610986930920.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765444893429, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:21:33.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:21:33.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:21:33.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:21:57.589] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26359 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.1765416108.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.1765416108.jsonl?X-Amz-Signature=02e034a178d2f0cbca5fab2c6100e9d7b2284306ccefecf2216b9b47cff59089&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T012157Z"} [2025-12-11 09:21:57.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:21:57.589] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:21:57.589] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:21:57.589] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:21:57.589] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:21:57.590] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:21:57.598] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.1765416108.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765444917597, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 09:21:57.598] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:30:10.417] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25115 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.10.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.10.17610986930930.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=87d0d8b0382f862b909e8a31fc176c70090de02ff5c4b1585ed64f2536291826&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T013009Z"} [2025-12-11 09:30:10.418] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:10.418] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:10.418] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:10.418] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:10.418] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:10.419] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:11.768] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.10.17610986930930.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765445411767, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:11.768] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 09:30:11.768] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:11.768] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:13.545] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26360 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.11.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.11.17610986930930.jsonl?X-Amz-Date=20251211T013013Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=33b5a13f6e17e65e1e5f8112d30d78a24504f4efe765f5cf9b65d6eae2428950"} [2025-12-11 09:30:13.545] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:13.545] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:13.545] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:13.545] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:13.545] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:13.546] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:15.019] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.11.17610986930930.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765445415018, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:15.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:30:15.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:15.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:16.697] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24714 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.1.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.1.17610986930930.jsonl?X-Amz-Signature=96998b76bc95eea1831d41a531933044b7aceb83dc1d452b052a546688ac8365&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T013016Z&X-Amz-SignedHeaders=host"} [2025-12-11 09:30:16.697] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:16.697] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:16.697] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:16.697] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:16.697] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:16.698] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:18.319] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.1.17610986930930.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765445418318, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:18.320] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:30:18.320] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:18.320] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:19.943] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24715 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.12.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.12.17610986930930.jsonl?X-Amz-Signature=8dafc60a16acbbd55c0008751aee9ec64583ba197cf142dcbae9f61c7216de41&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T013019Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:30:19.943] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:19.943] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:19.943] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:19.943] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:19.943] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:19.944] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:21.573] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.12.17610986930930.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765445421573, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:21.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:30:21.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:21.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:23.098] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24716 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.13.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.13.17610986930930.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0a03c215016ba78ed6839579ac731ce23b0d7b1e4f5f57a0c148ab460a0dc9f1&X-Amz-Date=20251211T013022Z"} [2025-12-11 09:30:23.099] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:23.099] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:23.099] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:23.099] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:23.099] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:23.099] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:24.910] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.13.17610986930930.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765445424909, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:24.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:30:24.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:24.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:26.475] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24717 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.14.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.14.17610986930930.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b05382a65935dee53b779d40d0131ce7f7f6cb2a8a75b3e9fa88fde3e43102dc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T013026Z&X-Amz-Expires=604800"} [2025-12-11 09:30:26.475] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:26.475] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:26.475] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:26.475] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:26.475] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:26.476] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:28.072] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.14.17610986930930.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765445428071, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:28.072] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:30:28.072] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:28.072] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:29.602] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25116 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.15.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.15.17610986930930.jsonl?X-Amz-Signature=8531c6eabc081faf969d122ba7d99ab3c529e841e51e8277d75217f90d5f76aa&X-Amz-Date=20251211T013029Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 09:30:29.602] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:29.602] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:29.603] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:29.603] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:29.603] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:29.603] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:31.117] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.15.17610986930930.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765445431116, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 09:30:31.117] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:30:31.117] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:31.117] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:32.953] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24718 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.16.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.16.17610986930930.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c7f603863de642335be6bee31eb0e077a32331f70b5dc9f20dbead3d29810e69&X-Amz-Date=20251211T013032Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:30:32.953] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:32.953] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:32.953] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:32.953] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:32.953] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:32.953] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:34.838] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.16.17610986930930.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765445434837, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 09:30:34.838] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:30:34.838] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:34.838] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:36.413] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26361 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.17.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.17.17610986930930.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T013035Z&X-Amz-Signature=cc42de170a5018507f6aa70af56dc27b60e7609067fd0a5a0e99de0dc51b1648&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 09:30:36.413] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:36.413] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:36.413] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:36.413] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:36.414] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:36.414] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:37.733] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.17.17610986930930.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765445437732, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:37.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 09:30:37.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:37.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:39.549] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25117 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.18.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.18.17610986930930.jsonl?X-Amz-Date=20251211T013039Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=db98286317e935ef175bfbcb726c5a3b6d463c13709c1c1bab5050b2d5c07057"} [2025-12-11 09:30:39.549] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:39.549] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:39.550] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:39.550] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:39.550] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:39.551] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:40.933] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.18.17610986930930.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765445440933, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:40.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:30:40.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:40.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:42.695] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26362 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.19.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.19.17610986930930.jsonl?X-Amz-Signature=2a6c6738f4f2182a994d55d6c8e89e3eda46d43bc194a686011f5d7a6fbcf3cc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013042Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 09:30:42.695] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:42.695] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:42.695] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:42.695] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:42.695] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:42.695] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:43.924] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.19.17610986930930.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765445443923, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:43.924] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:30:43.924] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:43.924] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:45.868] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26363 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.20.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.20.17610986930930.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=877585aae74a02497767516683117ea98f91c996df8a99d837709a35842452e6&X-Amz-Expires=604800&X-Amz-Date=20251211T013045Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:30:45.868] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:45.868] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:45.868] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:45.868] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:45.868] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:45.869] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:47.112] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.20.17610986930930.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765445447111, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:47.112] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:30:47.112] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:47.112] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:49.002] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24719 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.21.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.21.17610986930930.jsonl?X-Amz-Signature=92033faa60d8ccf6db4932b5ec4d6774175b3eab449636891674362404e49de6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013048Z&X-Amz-Expires=604800"} [2025-12-11 09:30:49.002] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:49.002] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:49.002] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:49.002] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:49.002] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:49.003] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:50.499] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.21.17610986930930.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765445450498, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:50.499] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:30:52.221] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26364 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.2.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.2.17610986930930.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5d955b523fa4d6e3a400c5de0148756daf99820ae2dc02e68e672af965dae4a0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T013051Z"} [2025-12-11 09:30:52.222] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:52.222] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:52.222] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:52.222] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:52.222] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:52.223] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:54.219] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.2.17610986930930.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765445454218, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:54.219] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:30:54.219] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:54.219] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:55.719] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25118 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.22.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.22.17610986930930.jsonl?X-Amz-Signature=e681db75c9ee0b0ddedfb5f4930227f18598907df46b5d7e42319e55105129fa&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013055Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 09:30:55.719] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:55.719] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:55.720] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:55.720] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:55.720] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:55.721] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:30:57.018] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.22.17610986930930.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765445457017, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:30:57.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:30:57.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:30:57.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:30:59.595] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25119 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.23.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.23.17610986930930.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ab9b801239dc7ba611131ea153f4950c8505663c4dc39bb634a7b0db2a989c10&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013059Z"} [2025-12-11 09:30:59.595] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:30:59.595] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:30:59.595] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:30:59.595] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:30:59.595] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:30:59.596] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:01.121] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.23.17610986930930.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765445461120, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:01.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:31:01.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:01.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:02.870] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26365 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.24.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.24.17610986930930.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013102Z&X-Amz-Signature=214d7eabd6df958bbb0e537dac24d9149a3a5d9d336da104299eabb876c5cb74"} [2025-12-11 09:31:02.870] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:02.870] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:02.870] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:02.870] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:02.870] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:02.871] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:04.162] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.24.17610986930930.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765445464161, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:04.162] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:31:04.162] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:04.162] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:06.283] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24720 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.25.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.25.17610986930930.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013105Z&X-Amz-Expires=604800&X-Amz-Signature=ba04875e7a50b071fe40b1b29908e765ab8797e87baf5d17674f5fca176697c8"} [2025-12-11 09:31:06.283] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:06.283] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:06.284] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:06.284] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:06.284] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:06.284] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:07.577] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.25.17610986930930.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765445467577, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 09:31:07.577] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:31:07.577] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:07.577] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:09.523] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25120 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.26.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.26.17610986930930.jsonl?X-Amz-Signature=678e3dfaca9747dc06bf5e83b574efd0617d9093c5cddb8abc2cc166716ec4de&X-Amz-Date=20251211T013109Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:31:09.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:09.523] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:09.524] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:09.524] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:09.524] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:09.524] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:11.177] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.26.17610986930930.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765445471176, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:11.177] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 09:31:11.177] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:11.177] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:12.743] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26366 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.3.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.3.17610986930930.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T013112Z&X-Amz-Signature=65f92c79cef8767dfea58efd9ee183e2ac0efedfb5cd4f3643d55854df53187d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 09:31:12.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:12.743] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:12.744] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:12.744] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:12.744] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:12.744] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:14.901] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.3.17610986930930.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765445474900, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:14.901] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 09:31:14.901] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:14.901] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:15.882] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25121 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.4.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.4.17610986930930.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T013115Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1594e438a1867e34d11742900cbbb35706475cf249a8d9d23c2e15087fa6614c"} [2025-12-11 09:31:15.882] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:15.882] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:15.882] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:15.882] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:15.882] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:15.883] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:17.020] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.4.17610986930930.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765445477019, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:17.020] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:31:19.413] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24721 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.5.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.5.17610986930930.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=46e2f66d1ca688cfcd15811888c80b97afd08beaccd5a17e1e216ab1af518734&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T013119Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 09:31:19.414] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:19.414] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:19.414] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:19.414] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:19.414] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:19.415] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:20.801] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.5.17610986930930.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765445480800, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:20.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 09:31:20.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:20.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:22.568] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24722 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.6.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.6.17610986930930.jsonl?X-Amz-Signature=7e5e9d7999126df749c4e8a40931f28cfa81aacd5c1c38be4abfd84177c493d1&X-Amz-Expires=604800&X-Amz-Date=20251211T013122Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 09:31:22.568] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:22.569] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:22.569] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:22.569] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:22.569] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:22.570] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:23.536] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.6.17610986930930.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765445483535, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:23.536] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:31:23.536] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:23.536] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:25.784] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24723 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.7.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.7.17610986930930.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ac853e84d324baa90bba657feec4a89652736933dd33898fa32979d1de6b0159&X-Amz-Date=20251211T013125Z"} [2025-12-11 09:31:25.784] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:25.784] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:25.785] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:25.785] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:25.785] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:25.785] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:27.094] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.7.17610986930930.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765445487093, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:27.094] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 09:31:27.094] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:27.094] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:28.972] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26367 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.8.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.8.17610986930930.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=7b37c5b0b7f88599ca41d0ad37303be329ebb1a0769183b4eecb715a3d15ccff&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T013128Z&X-Amz-Expires=604800"} [2025-12-11 09:31:28.973] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:28.973] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:28.973] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:28.973] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:28.973] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:28.974] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:30.354] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.8.17610986930930.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765445490353, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:30.354] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 09:31:30.354] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:30.354] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:31:32.174] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24724 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.17610986930930.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.17610986930930.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T013131Z&X-Amz-Signature=bb8f2cd237b7fc9792db9838f4a8da2d6e409b1025f6663d706eca0453763e0f"} [2025-12-11 09:31:32.174] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:31:32.174] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:31:32.175] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:31:32.175] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:31:32.175] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:31:32.176] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:31:33.542] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.17610986930930.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765445493541, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 09:31:33.542] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 09:31:33.542] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 09:31:33.542] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 09:36:57.655] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24725 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.1765417009.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.1765417009.jsonl?X-Amz-Date=20251211T013657Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ef5670d689fe473ca5e096fee9250af7e17f75d0c09c515e361a3e789ed11313&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 09:36:57.656] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:36:57.656] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:36:57.656] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:36:57.656] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:36:57.656] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:36:57.657] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:36:57.665] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.1765417009.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765445817664, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 09:36:57.665] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:40:41.492] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25122 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.1765417232.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.1765417232.jsonl?X-Amz-Signature=dbb222c9d9eb8c2dc2299e66a380c7d0d2c5120cacc11b8a850b3c907ca125e4&X-Amz-Expires=604800&X-Amz-Date=20251211T014041Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 09:40:41.492] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:40:41.492] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:40:41.492] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:40:41.493] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:40:41.493] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:40:41.494] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:40:41.501] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.1765417232.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765446041500, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 09:40:41.501] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:40:44.596] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26368 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.1.1765417232.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.1.1765417232.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T014044Z&X-Amz-Signature=522fe823ccfb27459b70717a3e1359dde10481fd95fa72542d6ec1cb6c6b56cb"} [2025-12-11 09:40:44.596] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:40:44.596] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:40:44.596] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:40:44.596] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:40:44.596] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:40:44.597] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:40:44.605] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.1.1765417232.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765446044604, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 09:40:44.605] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 09:55:41.554] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25123 key: NULL payload: {"bucket":"2025-12-11","object":"09/output/cnn/alert.pcap.9.1765418133.jsonl","url":"http://111.32.12.11:9000/2025-12-11/09/output/cnn/alert.pcap.9.1765418133.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8864dacc5b2f854e4b52a299c9629b9ebc16017ecb6c63d93ec8e6a58706b6de&X-Amz-Date=20251211T015541Z"} [2025-12-11 09:55:41.554] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 09:55:41.554] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 09:55:41.554] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 09:55:41.554] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 09:55:41.554] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 09:55:41.555] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 09:55:41.560] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:09/output/cnn/alert.pcap.9.1765418133.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765446941559, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 09:55:41.560] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:10:42.904] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26369 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765419034.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765419034.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=568ac18b9e34f918836182edeccdcc8eb74cc26c20157c29e3dc67a85ada838c&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T021042Z"} [2025-12-11 10:10:42.904] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:10:42.904] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:10:42.904] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:10:42.904] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:10:42.904] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:10:42.905] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:10:42.913] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765419034.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765447842912, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:10:42.913] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:24:24.530] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24726 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765360664.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765360664.jsonl?X-Amz-Date=20251211T022424Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=52881f62d11702a89c1582f4f468ca24e40db6302149c97af32a265e106413b7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:24:24.530] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:24:24.530] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:24:24.530] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:24:24.530] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:24:24.530] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:24:24.531] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:24:24.540] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765360664.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448664539, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:24:24.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:13.035] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25124 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765360664.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765360664.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=811577513c1fe862893906d0bdfa18c30a53b9d3ca933875961812a37439393b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T022512Z"} [2025-12-11 10:25:13.035] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:13.035] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:13.036] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:13.036] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:13.036] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:13.037] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:13.046] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765360664.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448713045, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:13.046] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:13.635] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24727 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765417232.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765417232.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5c642d58e3e4d9b7260db1e54933bc32e279d840beb81730d1b565b61ab3de75&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022513Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:25:13.635] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:13.635] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:13.635] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:13.635] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:13.635] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:13.636] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:13.638] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765417232.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448713638, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:13.639] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:14.199] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24728 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765347149.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765347149.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e32c602afcd6f010861828a5b259754b170bd237383a40657a504ba1a77acbb0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T022514Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 10:25:14.199] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:14.199] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:14.199] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:14.199] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:14.199] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:14.199] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:14.205] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765347149.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448714204, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:14.205] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:14.756] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24729 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765357961.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765357961.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=de2c4562134f3605d16dd11299471f92759c063cc86a9b6b5ff7bbc08c5903b8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022514Z"} [2025-12-11 10:25:14.756] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:14.756] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:14.756] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:14.756] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:14.756] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:14.756] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:14.759] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765357961.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448714759, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:14.759] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:15.286] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26370 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765348050.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765348050.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=d49f51e8869239705ee090e4f236b73477c562879ea5ab3db2810fb54f2e2948&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022515Z"} [2025-12-11 10:25:15.286] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:15.286] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:15.286] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:15.286] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:15.286] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:15.286] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:15.289] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765348050.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448715289, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:15.289] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:15.858] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25125 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765346248.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765346248.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T022515Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=4171e356f651b2dac00f1173a6c3b6d5bf1855a9549509fe3da610b370bb60ad"} [2025-12-11 10:25:15.858] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:15.858] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:15.858] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:15.858] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:15.858] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:15.859] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:15.862] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765346248.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448715861, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:15.862] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:16.422] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24730 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765355258.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765355258.jsonl?X-Amz-Expires=604800&X-Amz-Signature=8530fc40b3b4d92b39c14afb079d9c0a12aeec192bb3d12709dabaf0b425d68d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022516Z"} [2025-12-11 10:25:16.422] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:16.422] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:16.422] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:16.422] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:16.422] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:16.423] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:16.427] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765355258.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448716427, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:16.427] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:16.952] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25126 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765416108.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765416108.jsonl?X-Amz-Signature=654fe006993b0fdda26d9c949acf509bc79045fae9eb116ad13c07a84be3392a&X-Amz-Date=20251211T022516Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 10:25:16.952] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:16.952] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:16.952] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:16.952] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:16.952] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:16.952] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:16.955] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765416108.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448716955, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:16.955] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:17.489] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24731 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765351654.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765351654.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T022517Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=aafbd0b960d9ea3f5cd3df2076a0024f62c47266bf71d4798f327d884a27bdb3"} [2025-12-11 10:25:17.489] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:17.489] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:17.489] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:17.489] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:17.489] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:17.489] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:17.492] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765351654.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448717492, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:17.492] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:18.046] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25127 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765350753.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765350753.jsonl?X-Amz-Signature=49e1f2644b006c1c1fe28c78c9ce717deb6ce3a48cfe035479a2660a4b7def72&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T022518Z&X-Amz-SignedHeaders=host"} [2025-12-11 10:25:18.046] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:18.046] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:18.046] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:18.046] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:18.046] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:18.046] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:18.049] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765350753.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448718049, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:18.049] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:18.611] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24732 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765348951.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765348951.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T022518Z&X-Amz-SignedHeaders=host&X-Amz-Signature=60ac2c254e839632572baeefc0efbbb580460a27fdf62dabd0ba89eaf9e4d344"} [2025-12-11 10:25:18.611] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:18.611] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:18.611] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:18.611] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:18.611] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:18.611] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:18.614] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765348951.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448718614, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:18.614] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:19.233] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25128 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765418133.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765418133.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022519Z&X-Amz-Signature=4d51aa87994dbc33137fa3994f8dcd1bef373e225ce48c7c7c61e1fad0205482&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 10:25:19.233] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:19.233] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:19.234] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:19.234] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:19.234] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:19.234] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:19.242] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765418133.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448719241, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:19.242] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:19.844] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24733 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765354357.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765354357.jsonl?X-Amz-Date=20251211T022519Z&X-Amz-Signature=f14497589b7d4aa88c4d4dd90b916e0097ea58dbf266821ee80b1ed02bdd9217&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 10:25:19.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:19.844] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:19.844] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:19.845] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:19.845] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:19.845] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:19.848] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765354357.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448719847, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:19.848] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:20.451] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24734 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765352555.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765352555.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=90a9481bff8a9c92f62d124a85b75bd0356c2b372d2c5c52b8139c4a63555502&X-Amz-Date=20251211T022520Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 10:25:20.451] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:20.451] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:20.451] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:20.451] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:20.451] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:20.451] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:20.454] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765352555.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448720454, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:20.454] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:20.946] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25129 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765349852.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765349852.jsonl?X-Amz-Signature=3c9007e7fb5f3f5b729cf91d7ae9adfdc6b9de7c0c2e0496af3e41c057a2d30f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T022520Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 10:25:20.946] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:20.946] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:20.946] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:20.946] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:20.946] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:20.947] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:20.949] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765349852.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448720949, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:20.949] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:21.521] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26371 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765353456.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765353456.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1ef08c7607069221e61303eafb3ad90e2d10120f84e306606a5ac3a8bf669c42&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T022521Z&X-Amz-Expires=604800"} [2025-12-11 10:25:21.521] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:21.521] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:21.521] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:21.521] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:21.521] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:21.521] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:21.524] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765353456.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448721524, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:21.524] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:22.022] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24735 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765359763.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765359763.jsonl?X-Amz-Date=20251211T022522Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0ec227847a1832b3b255944a5cb9bc0f3c466df891789461d6a3cb6c7295d9d8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 10:25:22.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:22.022] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:22.022] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:22.022] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:22.022] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:22.022] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:22.025] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765359763.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448722025, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:22.025] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:22.561] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25130 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765358862.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765358862.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4abf1a3de2a46e73e64531346037b45d960c344f12567751efc7b9e4ee94b4ff&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022522Z&X-Amz-Expires=604800"} [2025-12-11 10:25:22.561] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:22.561] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:22.561] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:22.561] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:22.561] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:22.562] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:22.570] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765358862.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448722569, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:22.570] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:23.157] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26372 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765356159.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765356159.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2a003f31a53f40f05bf644d5377c674804337df9cf8d4bc472a17f106bd7ca76&X-Amz-Date=20251211T022523Z"} [2025-12-11 10:25:23.157] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:23.157] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:23.158] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:23.158] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:23.158] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:23.158] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:23.161] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765356159.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448723161, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:23.161] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:23.683] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26373 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765357060.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765357060.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9c482782c2bae06d77e0f04ef40111029145a4f2f2d6dffd6bf91cdd8df0627f&X-Amz-Date=20251211T022523Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:25:23.683] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:23.683] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:23.683] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:23.683] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:23.683] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:23.684] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:23.686] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765357060.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448723686, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:23.686] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:24.284] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26374 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765419034.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765419034.jsonl?X-Amz-Expires=604800&X-Amz-Signature=2b82beec7961a8ac158457760426e0f7529b7b4e2e6a3d4d12d50c8111116b2d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T022524Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:25:24.284] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:24.284] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:24.284] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:24.285] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:24.285] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:24.285] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:24.288] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765419034.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448724287, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:24.288] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:25:44.707] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26375 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765419935.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765419935.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T022544Z&X-Amz-Signature=0c44e15bb9feeda4e5c180af698562d81f78d08dde81d99961918ad067a76448&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 10:25:44.707] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:25:44.707] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:25:44.708] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:25:44.708] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:25:44.708] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:25:44.709] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:25:44.716] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765419935.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765448744716, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:25:44.716] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:26.668] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26376 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765360664.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765360664.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023226Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b277be015d68f3a0f123e27ac8d065f2640a9d43ceb3b69578cb3ae2c804678c"} [2025-12-11 10:32:26.668] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:26.668] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:26.669] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:26.669] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:26.669] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:26.669] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:26.671] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765360664.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449146671, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:26.671] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:29.921] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24736 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765417232.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765417232.jsonl?X-Amz-Date=20251211T023229Z&X-Amz-Signature=2abbded484566f052221b5598f67618225d16d35b2157d4cfd66a2a0098a63a2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 10:32:29.921] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:29.921] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:29.921] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:29.921] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:29.921] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:29.921] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:29.924] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765417232.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449149923, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:29.924] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:30.806] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26377 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765347149.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765347149.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023230Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=32ba0631d8483a83a479288160a7b3f38448ae6ea510dbc43748b7934176d54d"} [2025-12-11 10:32:30.807] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:30.807] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:30.807] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:30.807] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:30.807] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:30.807] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:30.809] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765347149.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449150809, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:30.809] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:31.705] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26378 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765357961.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765357961.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=16d3443f0dd2a946a625b0e3924e13b4de822cd1ff2fe719960c362286603983&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T023231Z"} [2025-12-11 10:32:31.705] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:31.705] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:31.705] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:31.705] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:31.705] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:31.705] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:31.708] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765357961.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449151707, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:31.708] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:32.699] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26379 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765348050.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765348050.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T023232Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c607b937ebcaa66af40788a93f85314bca6b08778d7bc41890b4bbbc1a81bdf2"} [2025-12-11 10:32:32.699] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:32.699] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:32.699] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:32.699] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:32.699] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:32.700] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:32.702] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765348050.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449152702, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:32.702] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:33.497] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26380 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765346248.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765346248.jsonl?X-Amz-Date=20251211T023233Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=31a16644ebbc9ffad5020823a54abf16e3884e4b68967b33b984bfb76fbf50d6&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:32:33.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:33.497] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:33.497] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:33.497] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:33.497] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:33.497] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:33.500] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765346248.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449153500, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:33.500] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:34.364] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24737 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765355258.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765355258.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T023234Z&X-Amz-Signature=6b31558f92fa7df0166cc9c3db4d462cbee6e23852fbb3c00a455386bce780ea"} [2025-12-11 10:32:34.364] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:34.364] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:34.364] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:34.364] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:34.364] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:34.364] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:34.367] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765355258.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449154367, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:34.367] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:35.195] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24738 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765416108.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765416108.jsonl?X-Amz-Date=20251211T023235Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ab4d8c3ab4bd6e87d0815b1bc13d3e48e8046f8796f6afb95e68fdd821c2cc52&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 10:32:35.195] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:35.195] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:35.195] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:35.195] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:35.195] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:35.195] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:35.198] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765416108.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449155197, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:35.198] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:36.274] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24739 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765351654.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765351654.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b3748402156aef52ec0a71eca4db22090322a6f618b7452d52fd4945a1c5616f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023236Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:32:36.274] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:36.274] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:36.274] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:36.274] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:36.274] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:36.274] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:36.277] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765351654.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449156277, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:36.277] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:37.090] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25131 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765350753.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765350753.jsonl?X-Amz-Signature=4c9d56fbc8d9650d88589403cc423b8b5c922b04252ca7c8c889750e7d34e005&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023237Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 10:32:37.091] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:37.091] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:37.091] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:37.091] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:37.091] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:37.092] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:37.098] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765350753.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449157097, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:37.098] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:37.968] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26381 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765348951.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765348951.jsonl?X-Amz-Signature=7360917dfc803d949e36b15f784a5f5a6e3ac44f2ad117d3bfd90ae0dd2966c0&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023237Z&X-Amz-SignedHeaders=host"} [2025-12-11 10:32:37.968] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:37.968] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:37.968] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:37.968] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:37.968] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:37.968] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:37.971] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765348951.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449157971, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:37.971] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:38.822] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26382 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765418133.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765418133.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=bafd903c392e3d9b20faf72089c7fb73c3da7812c510e2c2ca8cbb6248265015&X-Amz-Date=20251211T023238Z"} [2025-12-11 10:32:38.822] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:38.822] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:38.822] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:38.822] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:38.822] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:38.822] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:38.825] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765418133.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449158825, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:38.825] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:39.629] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24740 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765354357.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765354357.jsonl?X-Amz-Signature=6a8b216cc6f35265fc5f1737e9ba9c91750719b64a53072df099019e6c730455&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T023239Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 10:32:39.629] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:39.629] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:39.630] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:39.630] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:39.630] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:39.630] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:39.633] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765354357.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449159633, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:39.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:40.524] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26383 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765352555.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765352555.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T023240Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b48db2d46a89f864e643359b53bd1bc9eb928c1009b6af2168e3f676a7ad0b49"} [2025-12-11 10:32:40.524] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:40.524] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:40.524] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:40.524] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:40.524] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:40.525] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:40.528] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765352555.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449160527, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:40.528] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:41.603] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24741 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765349852.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765349852.jsonl?X-Amz-Date=20251211T023241Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=68122a00da82ae7343546b80ca9f407de5728777771d83d8e52ef9fbf74775de"} [2025-12-11 10:32:41.603] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:41.603] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:41.604] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:41.604] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:41.604] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:41.605] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:41.611] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765349852.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449161610, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:41.611] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:42.483] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24742 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765353456.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765353456.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=666dfaa63de43625dc20ab7a194d9a258919bb9b07ed19b054e14455eed881f3&X-Amz-Date=20251211T023242Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 10:32:42.483] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:42.483] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:42.483] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:42.483] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:42.483] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:42.484] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:42.487] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765353456.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449162487, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:42.487] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:43.218] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25132 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765359763.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765359763.jsonl?X-Amz-Signature=90019dd5bbdf2341380bdec060fe10e81fef52a50ede030e661881557f76e3d9&X-Amz-Date=20251211T023243Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 10:32:43.218] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:43.218] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:43.218] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:43.218] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:43.218] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:43.218] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:43.221] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765359763.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449163221, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:43.221] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:43.751] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26384 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765358862.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765358862.jsonl?X-Amz-Signature=f82686a016e543987ebfcfc115cea8e42c8442a52454c33adae5578dc11b4b49&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T023243Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:32:43.751] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:43.751] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:43.751] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:43.751] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:43.751] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:43.752] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:43.754] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765358862.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449163754, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:43.754] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:44.303] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26385 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765419935.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765419935.jsonl?X-Amz-Date=20251211T023244Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=327cba9377ac6cad22d620b33f511b099ead95f4c42b452aa05f4adf21ff3683&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 10:32:44.303] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:44.303] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:44.303] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:44.303] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:44.303] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:44.304] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:44.307] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765419935.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449164306, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:44.307] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:44.861] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25133 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765356159.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765356159.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023244Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4374f55ce657b2823072df55c49e06e715e4f60bda30e736f7ae80fe08a0ea2b"} [2025-12-11 10:32:44.861] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:44.861] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:44.861] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:44.861] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:44.861] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:44.862] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:44.865] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765356159.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449164865, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:44.865] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:45.397] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26386 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765357060.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765357060.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T023245Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bbd0f2f7b5fd3d444182496a8ece2b88bf272d41029ec9cd3681e4e289b154c0"} [2025-12-11 10:32:45.397] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:45.397] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:45.397] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:45.397] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:45.397] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:45.397] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:45.400] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765357060.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449165400, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:45.400] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:32:45.969] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26387 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765419034.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765419034.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T023245Z&X-Amz-Signature=c5036db6603b7f6cdec030237dd77a4426d43456ede39ff579fa067eb82d2eef"} [2025-12-11 10:32:45.969] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:32:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:32:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:32:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:32:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:32:45.970] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:32:45.973] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765419034.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449165973, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:32:45.973] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:40:54.174] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26388 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765420836.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765420836.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7b89da616cabe1e449471ef1a6c0264174fc15dd3dd294c8ff4bb79e2487a7e8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T024053Z"} [2025-12-11 10:40:54.174] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:40:54.174] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:40:54.174] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:40:54.174] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:40:54.174] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:40:54.175] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:40:54.183] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765420836.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765449654182, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:40:54.183] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 10:55:45.589] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25134 key: NULL payload: {"bucket":"2025-12-11","object":"10/output/cnn/alert.pcap.9.1765421737.jsonl","url":"http://111.32.12.11:9000/2025-12-11/10/output/cnn/alert.pcap.9.1765421737.jsonl?X-Amz-Date=20251211T025545Z&X-Amz-Expires=604800&X-Amz-Signature=116e7ccf75245619e395a900f197e2de56021d64251f6e31ff1839cabd2d7006&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 10:55:45.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 10:55:45.589] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 10:55:45.590] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 10:55:45.590] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 10:55:45.590] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 10:55:45.591] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 10:55:45.600] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:10/output/cnn/alert.pcap.9.1765421737.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765450545598, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 10:55:45.600] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:10:46.982] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24743 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.1765422638.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.1765422638.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fa363cad5158227dd530061f625b7f3a1695dde81acef569fac031d54a1d109c&X-Amz-Date=20251211T031046Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:10:46.982] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:10:46.982] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:10:46.983] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:10:46.983] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:10:46.983] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:10:46.983] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:10:46.991] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.1765422638.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765451446990, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 11:10:46.991] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:35.120] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24744 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.22.1765423286.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.22.1765423286.jsonl?X-Amz-Signature=63376abf3618e52dab638451610d0974b3ab29098682c38c8fcb34fb0e26ab62&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T032134Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:21:35.120] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:35.120] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:35.120] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:35.120] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:35.120] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:35.121] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:35.330] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.22.1765423286.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765452095329, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423286461916, "etime": 1765423286461916, "src_ip": "20.190.163.19", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61338, "protocol": "tls", "result": "Normal"}, {"stime": 1765423290758546, "etime": 1765423290758546, "src_ip": "202.89.233.96", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61359, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:35.330] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:38.866] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26389 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.11.1765423279.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.11.1765423279.jsonl?X-Amz-Date=20251211T032138Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0cffcaba9c50f00d1de1dde4c1849453d1e6fc8ab128939d0062804a8583ef37"} [2025-12-11 11:21:38.867] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:38.867] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:38.867] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:38.867] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:38.867] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:38.868] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:38.991] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.11.1765423279.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452098991, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423294007997, "etime": 1765423294007997, "src_ip": "36.151.250.204", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61453, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:38.992] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:41.971] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24745 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.12.1765423290.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.12.1765423290.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=d5d199642a7fc07d62cf06fd0a6647efd2bfc713780d2b0e6844446bfc1dfef3&X-Amz-Date=20251211T032141Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:21:41.971] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:41.971] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:41.971] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:41.971] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:41.971] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:41.972] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:41.979] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.12.1765423290.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765452101978, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 11:21:41.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:45.075] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24746 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.17.1765423278.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.17.1765423278.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7182dc8cd1ccc7f4d8348f9e559dd4185e2487b411eb57c1416add73d82fe108&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T032144Z"} [2025-12-11 11:21:45.076] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:45.076] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:45.076] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:45.076] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:45.076] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:45.077] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:45.207] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.17.1765423278.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452105206, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423291547914, "etime": 1765423291547914, "src_ip": "36.151.250.204", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61382, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:45.207] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:48.178] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26390 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.16.1765423279.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.16.1765423279.jsonl?X-Amz-Signature=ae7e670ff134acbf55095c5652ea7f775a550aaac0c2b30ac95a1c20ff7ce0a1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T032147Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 11:21:48.178] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:48.178] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:48.178] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:48.178] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:48.178] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:48.179] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:48.309] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.16.1765423279.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452108308, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423295908548, "etime": 1765423295908548, "src_ip": "150.171.30.11", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61489, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:48.309] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:51.279] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26391 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.5.1765423291.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.5.1765423291.jsonl?X-Amz-Expires=604800&X-Amz-Signature=5cb38c88cab6f04364a8f1bb7aabb7a9367945dacd5a5370258cc76210faf502&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T032150Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:21:51.280] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:51.280] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:51.280] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:51.280] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:51.280] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:51.281] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:51.480] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.5.1765423291.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765452111479, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423292304351, "etime": 1765423292304351, "src_ip": "221.181.72.153", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61431, "protocol": "tls", "result": "Normal"}, {"stime": 1765423291681015, "etime": 1765423291681015, "src_ip": "223.111.181.3", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61396, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:51.480] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:54.383] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26392 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.18.1765423292.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.18.1765423292.jsonl?X-Amz-Signature=2f5c0d1303a13a2458f7b77beacbaa49d1018f5c3a461d146a0447f29014191d&X-Amz-Date=20251211T032153Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:21:54.383] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:54.383] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:54.384] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:54.384] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:54.384] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:54.384] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:54.559] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.18.1765423292.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765452114558, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423300139425, "etime": 1765423300139425, "src_ip": "120.240.229.59", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61524, "protocol": "tls", "result": "Normal"}, {"stime": 1765423292002484, "etime": 1765423292002484, "src_ip": "180.163.247.134", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61402, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:54.559] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:21:57.501] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26393 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.3.1765423279.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.3.1765423279.jsonl?X-Amz-Signature=8e5416b7e37efce5e1616b27dd29ab336e27d4d88a4a4f7c40abf9114e96d57a&X-Amz-Expires=604800&X-Amz-Date=20251211T032157Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 11:21:57.501] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:21:57.502] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:21:57.502] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:21:57.502] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:21:57.502] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:21:57.503] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:21:57.667] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.3.1765423279.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765452117666, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423295756614, "etime": 1765423295756614, "src_ip": "36.150.208.249", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61487, "protocol": "tls", "result": "Normal"}, {"stime": 1765423300012918, "etime": 1765423300012918, "src_ip": "120.238.155.44", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61521, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:21:57.667] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:06.369] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25135 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.20.1765423311.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.20.1765423311.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=f99670563c0fec3d7ceab66197e7fefdb490e4f178ed92432d29fad32fa0b46d&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T032205Z"} [2025-12-11 11:22:06.369] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:06.369] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:06.370] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:06.370] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:06.370] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:06.371] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:06.378] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.20.1765423311.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765452126377, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 11:22:06.378] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:09.473] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26394 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.19.1765423279.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.19.1765423279.jsonl?X-Amz-Signature=c52fb4088628ba857fc1b3fc3779871bcddac4e70ee59dc47421035c0f66fd42&X-Amz-Date=20251211T032209Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:22:09.473] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:09.474] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:09.602] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.19.1765423279.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452129601, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423318154280, "etime": 1765423318154280, "src_ip": "52.183.205.142", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61587, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:22:09.602] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:12.575] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24747 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.24.1765423320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.24.1765423320.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T032212Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4fb9c6704af5fd7b5f98b95307eae7fd766e9fae48ee51bd1e8456295834dfc6"} [2025-12-11 11:22:12.575] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:12.575] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:12.575] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:12.575] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:12.575] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:12.576] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:12.703] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.24.1765423320.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452132703, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423320356792, "etime": 1765423320356792, "src_ip": "223.109.81.235", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61597, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:22:12.703] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:15.678] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25136 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.21.1765423292.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.21.1765423292.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T032215Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=857ad2381f8cc8bbb8999113d7ac9eccc3bd6044dd4c6fe2484cd81c131d7072"} [2025-12-11 11:22:15.678] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:15.678] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:15.678] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:15.678] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:15.678] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:15.679] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:15.797] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.21.1765423292.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452135796, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423292269463, "etime": 1765423292269463, "src_ip": "120.233.4.223", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61432, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:22:15.797] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:22.639] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24748 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.23.1765423295.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.23.1765423295.jsonl?X-Amz-Signature=11e5ed6281db9a36200e47240baee3c2dfa9ad942ac2fb014991e8a1bb077830&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T032222Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 11:22:22.639] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:22.639] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:22.639] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:22.639] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:22.639] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:22.640] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:22.767] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.23.1765423295.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452142766, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423295119100, "etime": 1765423295119100, "src_ip": "36.150.233.53", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61473, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:22:22.767] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:36.391] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26395 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.14.1765423291.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.14.1765423291.jsonl?X-Amz-Signature=31c6737b69efc01974307f272d9e9296022332a225ad4c1f5f288215320c4305&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T032235Z&X-Amz-SignedHeaders=host"} [2025-12-11 11:22:36.391] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:36.391] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:36.391] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:36.391] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:36.391] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:36.392] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:36.517] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.14.1765423291.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765452156517, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423291526787, "etime": 1765423291526787, "src_ip": "223.113.140.167", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61384, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:22:36.517] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:22:47.642] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26396 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.2.1765423325.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.2.1765423325.jsonl?X-Amz-Date=20251211T032247Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9645229467f8c58da2dfe8901601f20ec415aeabbfa73fcad90f4d09847efcb8"} [2025-12-11 11:22:47.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:22:47.642] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:22:47.642] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:22:47.642] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:22:47.642] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:22:47.643] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:22:47.855] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.2.1765423325.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765452167854, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765423343124611, "etime": 1765423343124611, "src_ip": "221.181.72.191", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61635, "protocol": "tls", "result": "Normal"}, {"stime": 1765423359125787, "etime": 1765423359125787, "src_ip": "23.54.61.119", "dest_ip": "10.1.166.121", "src_port": 443, "dest_port": 61675, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:22:47.855] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:25:47.730] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25137 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.1765423539.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.1765423539.jsonl?X-Amz-Date=20251211T032547Z&X-Amz-Signature=f0d41b67f0b88d33d6810b38e04f225f800aed353cee7fcb96b03a9117feb51f&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 11:25:47.730] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:25:47.730] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:25:47.731] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:25:47.731] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:25:47.731] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:25:47.732] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:25:47.740] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.1765423539.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765452347739, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 11:25:47.740] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:30:10.519] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24749 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.10.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.10.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T033010Z&X-Amz-SignedHeaders=host&X-Amz-Signature=87e6518116d0e9dda81e9fa4d90b58e8faf34e4a670ec198e215d9145d0e0f97&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:30:10.519] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:10.519] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:10.519] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:10.519] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:10.519] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:10.520] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:11.849] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.10.17610986931130.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765452611848, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:11.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 11:30:11.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:11.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:13.676] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26397 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.11.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.11.17610986931130.jsonl?X-Amz-Date=20251211T033013Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a41a2dd46587bd71b196e60522f1135867085495fae11b07c62a9096a69b75ce&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:30:13.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:13.676] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:13.676] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:13.676] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:13.676] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:13.677] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:15.158] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.11.17610986931130.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765452615157, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:15.158] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:30:15.158] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:15.158] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:16.827] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24750 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.1.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.1.17610986931130.jsonl?X-Amz-Expires=604800&X-Amz-Signature=3c79b306c0a80b32a1887d9c25e0b3035809786cb5796feda8f8017e1c080182&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T033016Z"} [2025-12-11 11:30:16.827] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:16.827] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:16.827] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:16.827] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:16.827] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:16.828] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:18.477] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.1.17610986931130.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765452618476, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:18.477] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:30:18.477] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:18.477] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:20.019] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25138 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.12.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.12.17610986931130.jsonl?X-Amz-Date=20251211T033019Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0f6980513ca8c351b25173cc0527604fc86b4cc40767b43e76bb8e6537c6da0a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 11:30:20.020] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:20.020] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:20.020] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:20.020] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:20.020] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:20.020] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:21.691] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.12.17610986931130.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765452621690, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:21.691] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:30:21.691] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:21.691] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:23.175] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25139 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.13.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.13.17610986931130.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f67891e3f4b69dc48c0161d8a04ad7df922d72338afb049e1a4d45bc2da84488&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T033022Z&X-Amz-Expires=604800"} [2025-12-11 11:30:23.175] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:23.175] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:23.175] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:23.175] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:23.175] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:23.176] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:25.006] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.13.17610986931130.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765452625005, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:25.006] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:30:25.006] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:25.006] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:26.556] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25140 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.14.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.14.17610986931130.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T033026Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=888c4cddfe486102ff2459c76cac2abd26b006f4732167b85be1749f80147196"} [2025-12-11 11:30:26.556] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:26.556] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:26.556] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:26.556] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:26.556] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:26.557] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:28.077] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.14.17610986931130.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765452628076, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:28.077] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:30:28.077] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:28.077] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:29.679] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26398 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.15.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.15.17610986931130.jsonl?X-Amz-Date=20251211T033029Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=94dbdabcecc7f7a0c02862fbc42c4fc2f5fb79993cc00378a014ee83b9fdf135"} [2025-12-11 11:30:29.679] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:29.679] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:29.679] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:29.679] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:29.679] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:29.680] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:31.044] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.15.17610986931130.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765452631044, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:31.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:30:31.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:31.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:33.021] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25141 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.16.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.16.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=82882313ffaca907c99e734f4225a544f3cb9458533ab304485508b659555e71&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T033032Z&X-Amz-Expires=604800"} [2025-12-11 11:30:33.021] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:33.021] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:33.021] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:33.021] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:33.021] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:33.021] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:34.846] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.16.17610986931130.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765452634845, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:34.846] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:30:34.846] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:34.846] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:36.487] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26399 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.17.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.17.17610986931130.jsonl?X-Amz-Signature=ba6cc57eac755656ca8564822e4940870d5e5024a5de416927852264bc70bac8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T033036Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:30:36.487] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:36.487] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:36.487] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:36.487] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:36.487] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:36.487] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:37.789] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.17.17610986931130.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765452637788, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:37.789] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 11:30:37.789] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:37.789] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:39.660] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26400 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.18.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.18.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T033039Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1168987ae3231859a801faaa055c283d2725e8baa1e14407ae7aa15c631f4b18&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:30:39.660] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:39.660] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:39.660] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:39.660] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:39.660] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:39.661] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:41.019] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.18.17610986931130.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765452641018, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:41.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:30:41.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:41.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:42.828] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24751 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.19.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.19.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=404c1510d911ad9d63330769432d166706bfe2f68ad80bd00b97c61459f25e2f&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T033042Z"} [2025-12-11 11:30:42.828] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:42.828] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:42.828] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:42.828] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:42.828] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:42.829] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:44.071] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.19.17610986931130.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765452644070, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:44.071] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:30:44.071] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:44.071] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:46.009] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24752 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.20.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.20.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=285677948cfd2ccec0724e14ead4fb813304d8f0f36bb067857d546027e61320&X-Amz-Date=20251211T033045Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:30:46.009] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:46.009] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:46.009] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:46.009] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:46.009] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:46.010] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:47.219] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.20.17610986931130.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765452647219, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:47.220] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:30:47.220] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:47.220] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:49.144] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25142 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.21.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.21.17610986931130.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=321bb63e3857f97012a088a34b6241c31e2f859066d37d433f33031c610a6747&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T033048Z"} [2025-12-11 11:30:49.144] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:49.144] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:49.144] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:49.144] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:49.144] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:49.144] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:50.577] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.21.17610986931130.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765452650576, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:50.577] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:30:52.343] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25143 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.2.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.2.17610986931130.jsonl?X-Amz-Date=20251211T033051Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=477a5cb3b3eac74b65f0fb7c18ef9e358b8cb8e37a54f1f39401c0fbd7f6367d&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:30:52.343] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:52.344] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:52.344] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:52.344] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:52.344] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:52.344] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:54.300] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.2.17610986931130.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765452654299, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:54.300] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:30:54.300] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:54.300] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:55.861] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24753 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.22.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.22.17610986931130.jsonl?X-Amz-Expires=604800&X-Amz-Signature=d3dde607261be86d286bbbde6f0cc508fc6393e3b78725579c80f1c129d97c83&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T033055Z"} [2025-12-11 11:30:55.861] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:55.861] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:55.861] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:55.861] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:55.861] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:55.862] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:30:57.169] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.22.17610986931130.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765452657168, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:30:57.169] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:30:57.169] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:30:57.169] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:30:59.719] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25144 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.23.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.23.17610986931130.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T033059Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=606410d9641fa5aed4feafb4d58954338a15c7f92d2daa0875212acd4b95c04f"} [2025-12-11 11:30:59.719] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:30:59.719] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:30:59.720] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:30:59.720] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:30:59.720] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:30:59.720] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:01.246] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.23.17610986931130.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765452661246, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:01.246] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:31:01.246] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:01.246] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:02.956] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24754 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.24.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.24.17610986931130.jsonl?X-Amz-Signature=9595de907f582efd17499c350033d6311e04d83b78146f5cc70a72ae6b771709&X-Amz-Date=20251211T033102Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:31:02.956] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:02.956] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:02.956] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:02.956] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:02.956] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:02.957] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:04.264] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.24.17610986931130.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765452664263, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:04.264] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:31:04.264] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:04.264] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:06.375] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25145 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.25.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.25.17610986931130.jsonl?X-Amz-Signature=377b4c679b691653074a38530b030b59ad988aa6949b89ef2386879c124a015e&X-Amz-Date=20251211T033106Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:31:06.375] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:06.375] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:06.376] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:06.376] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:06.376] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:06.376] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:07.690] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.25.17610986931130.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765452667689, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:07.690] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:31:07.690] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:07.690] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:09.612] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24755 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.26.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.26.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T033109Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=67afb499e21c03f8a3e7a102f19278f9b2b6f6e0cdddcbe77a8d8959a4aaa9fa"} [2025-12-11 11:31:09.612] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:09.612] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:09.612] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:09.612] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:09.612] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:09.613] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:11.276] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.26.17610986931130.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765452671275, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:11.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:31:11.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:11.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:12.848] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24756 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.3.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.3.17610986931130.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T033112Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=3e845d3696678ffc07ee03fe65e23e6073fafa765a4ea0d25e349b8a4b0077df&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:31:12.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:12.849] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:12.849] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:12.849] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:12.849] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:12.849] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:15.121] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.3.17610986931130.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765452675120, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:15.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 11:31:15.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:15.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:15.979] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24757 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.4.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.4.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T033115Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f59b03d2950b2bab4a57e5e4beda84f277e77f185db4855ba01552764b7d0d4e"} [2025-12-11 11:31:15.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:15.979] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:15.979] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:15.979] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:15.979] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:15.980] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:17.152] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.4.17610986931130.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765452677152, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:17.153] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:31:19.511] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25146 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.5.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.5.17610986931130.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=526170e464a47126bc3084145f30469ae88b42ddb181acaa8e25cd04538b757d&X-Amz-Date=20251211T033119Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 11:31:19.511] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:19.511] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:19.511] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:19.511] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:19.511] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:19.512] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:20.890] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.5.17610986931130.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765452680889, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:20.890] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 11:31:20.890] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:20.890] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:22.651] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26401 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.6.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.6.17610986931130.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=e94c3fbeddb65615dd0bca3a7ebeff0012dd7c46fbe4176621b9d19f8f3bf372&X-Amz-Expires=604800&X-Amz-Date=20251211T033122Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:31:22.652] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:22.652] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:22.652] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:22.652] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:22.652] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:22.653] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:23.593] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.6.17610986931130.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765452683593, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:23.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:31:23.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:23.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:25.920] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25147 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.7.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.7.17610986931130.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d5cc0e4bae2916d4a346c56d37264591fc946cf671c8ada9d58f27fdc435bb4f&X-Amz-Date=20251211T033125Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:31:25.920] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:25.920] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:25.920] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:25.920] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:25.920] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:25.921] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:27.436] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.7.17610986931130.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765452687435, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:27.436] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:31:27.436] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:27.436] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:29.110] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25148 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.8.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.8.17610986931130.jsonl?X-Amz-Signature=f56cf31c95905b5c0caf791408fb7b4e04d32eb97041a9f966a599916f3ebffd&X-Amz-Date=20251211T033128Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:31:29.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:29.110] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:29.111] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:29.111] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:29.111] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:29.111] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:30.479] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.8.17610986931130.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765452690478, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:30.479] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:31:30.479] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:30.479] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:31:32.305] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26402 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.17610986931130.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.17610986931130.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T033131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=1242b048ab222e3c062a68401b413950c4de408095d134e09143fc6806842536&X-Amz-SignedHeaders=host"} [2025-12-11 11:31:32.305] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:31:32.305] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:31:32.305] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:31:32.305] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:31:32.305] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:31:32.306] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:31:33.681] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.17610986931130.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765452693680, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:31:33.681] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:31:33.681] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:31:33.681] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:10.597] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26403 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.10.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.10.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=e45e9b09f6a413a47d03390b5c0e3c7bdde35a17f7f3b82e24f3b4233fbd0e67&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T034010Z"} [2025-12-11 11:40:10.597] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:10.597] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:10.597] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:10.597] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:10.597] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:10.597] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:11.946] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.10.17610986931140.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765453211946, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 11:40:11.946] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 11:40:11.946] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:11.946] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:13.747] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26404 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.11.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.11.17610986931140.jsonl?X-Amz-Date=20251211T034013Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=fc25002eeb1e73688e464fc6f5bf88ee00f2dfb9f670b3185eb2b190bb0b6421"} [2025-12-11 11:40:13.747] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:13.747] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:13.747] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:13.747] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:13.747] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:13.748] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:15.204] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.11.17610986931140.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765453215203, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:15.204] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:40:15.204] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:15.204] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:16.899] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24758 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.1.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.1.17610986931140.jsonl?X-Amz-Date=20251211T034016Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=9c7b6c371e06752f828be36d0ac3e0f742624531dfd32e633c50fb5dd54498f4"} [2025-12-11 11:40:16.899] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:16.899] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:16.899] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:16.899] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:16.899] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:16.899] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:18.547] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.1.17610986931140.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765453218546, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:18.547] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:40:18.547] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:18.547] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:20.093] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26405 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.12.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.12.17610986931140.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=bd1b29f47193435a65b7dd89cb8611c10a4cd0dd8889f66298dea55e6bf79077&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T034019Z"} [2025-12-11 11:40:20.093] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:20.093] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:20.094] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:20.094] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:20.094] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:20.095] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:21.690] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.12.17610986931140.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765453221689, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:21.690] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:40:21.690] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:21.690] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:23.248] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26406 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.13.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.13.17610986931140.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=11e3c1a5007c966c76cceddcc08f7e11d1070ad04939184965736269818635d2&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T034022Z"} [2025-12-11 11:40:23.249] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:23.249] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:23.249] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:23.249] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:23.249] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:23.250] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:25.060] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.13.17610986931140.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765453225059, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:25.060] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:40:25.060] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:25.060] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:26.619] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26407 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.14.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.14.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T034026Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=1c9a4e2ff4097e2430908542f71b7349eccfdbbfe575ab50392f3c041503742f"} [2025-12-11 11:40:26.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:26.619] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:26.620] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:26.620] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:26.620] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:26.620] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:28.202] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.14.17610986931140.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765453228201, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:28.202] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:40:28.202] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:28.202] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:29.743] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26408 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.15.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.15.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T034029Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d3e40bb36e0780a8ad0ebe85f4c24099477b3b1e947d070795993562753d4f68&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 11:40:29.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:29.743] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:29.743] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:29.744] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:29.744] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:29.744] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:31.275] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.15.17610986931140.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765453231274, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 11:40:31.275] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:40:31.275] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:31.275] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:33.095] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24759 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.16.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.16.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T034032Z&X-Amz-Signature=b543f62a16f16052bcf10ac08aedcb0d42648139d28187b89ea4c9ec98fd5ab0&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:40:33.096] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:33.096] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:33.096] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:33.096] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:33.096] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:33.096] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:34.979] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.16.17610986931140.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765453234978, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:34.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:40:34.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:34.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:36.576] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25149 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.17.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.17.17610986931140.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=b3549b413fc373b875e75859a36c0db3c1e91a0388efe523c972b7bee2aea731&X-Amz-Date=20251211T034036Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 11:40:36.576] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:36.576] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:36.577] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:36.577] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:36.577] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:36.577] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:37.888] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.17.17610986931140.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765453237887, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:37.888] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 11:40:37.888] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:37.888] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:39.719] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26409 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.18.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.18.17610986931140.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T034039Z&X-Amz-Expires=604800&X-Amz-Signature=01ec3f21b8507d5377b0c37a8b82f0d98c842b55825215bffdb545d2dcb12bf6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:40:39.719] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:39.719] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:39.719] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:39.719] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:39.719] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:39.720] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:41.089] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.18.17610986931140.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765453241088, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:41.089] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:40:41.089] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:41.089] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:42.871] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25150 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.19.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.19.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T034042Z&X-Amz-Signature=bce69635be31403af8e27377e7db4d31ef576329ed19e16d33b0067b4e84af59"} [2025-12-11 11:40:42.871] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:42.871] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:42.872] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:42.872] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:42.872] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:42.873] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:44.158] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.19.17610986931140.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765453244158, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:44.158] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:40:44.158] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:44.158] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:46.047] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26410 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.20.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.20.17610986931140.jsonl?X-Amz-Date=20251211T034045Z&X-Amz-Expires=604800&X-Amz-Signature=ca97aff1353dc35ae04bbb2f1596d9ccd23d51606971a56d3be7dfe5395ef0db&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:40:46.047] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:46.047] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:46.047] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:46.048] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:46.048] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:46.048] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:47.287] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.20.17610986931140.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765453247286, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:47.287] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:40:47.287] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:47.287] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:49.189] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25151 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.21.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.21.17610986931140.jsonl?X-Amz-Date=20251211T034048Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=35cd981844748f70c5291df54cd9b2b83318a1af25486176fbc22f7f50f91738&X-Amz-Expires=604800"} [2025-12-11 11:40:49.189] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:49.189] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:49.189] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:49.189] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:49.189] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:49.190] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:50.633] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.21.17610986931140.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765453250632, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:50.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:40:52.378] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24760 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.2.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.2.17610986931140.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=af403bc117b7401a93087863f601776c06df5a317a9a10cc9b5a52a7cbc336b2&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T034052Z"} [2025-12-11 11:40:52.379] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:52.379] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:52.379] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:52.379] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:52.379] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:52.379] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:54.317] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.2.17610986931140.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765453254316, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:54.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:40:54.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:54.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:55.945] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25152 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.22.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.22.17610986931140.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=4057eb83d6687e7498860b7c0556b861d54749183396601d9e04e0dfe00ad288&X-Amz-Date=20251211T034055Z"} [2025-12-11 11:40:55.946] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:55.946] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:55.946] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:55.946] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:55.946] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:55.946] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:40:57.249] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.22.17610986931140.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765453257248, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:40:57.249] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:40:57.249] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:40:57.249] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:40:59.809] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25153 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.23.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.23.17610986931140.jsonl?X-Amz-Date=20251211T034059Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=957d6a6679154b9e573b1a1e3c03ebab72f9e05e7c1018cf4c5b80e2c6b19748"} [2025-12-11 11:40:59.810] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:40:59.810] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:40:59.810] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:40:59.810] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:40:59.810] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:40:59.810] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:01.196] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.23.17610986931140.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765453261195, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:01.196] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:41:01.196] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:01.196] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:03.035] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26411 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.24.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.24.17610986931140.jsonl?X-Amz-Signature=ba354bfab96dd92027b6f6743c6ef6a73833a38f0cd2f4f89be513f253ddb9d0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T034102Z&X-Amz-SignedHeaders=host"} [2025-12-11 11:41:03.035] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:03.035] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:03.035] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:03.035] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:03.035] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:03.035] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:04.262] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.24.17610986931140.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765453264261, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 11:41:04.262] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:41:04.262] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:04.262] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:06.450] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26412 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.25.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.25.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=153c0fb6deef3c84ba29fc480cd746bc546b170e0e6e5abe6d7855431dd22402&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T034106Z"} [2025-12-11 11:41:06.450] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:06.450] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:06.450] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:06.450] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:06.450] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:06.451] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:07.758] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.25.17610986931140.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765453267758, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 11:41:07.758] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:41:07.758] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:07.759] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:09.692] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25154 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.26.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.26.17610986931140.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=9f3d744135067bc45718a818fb6ebc3488e69f5e2a0a659c1047a96e74daab8a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T034109Z"} [2025-12-11 11:41:09.692] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:09.692] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:09.692] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:09.692] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:09.692] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:09.693] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:11.381] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.26.17610986931140.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765453271380, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:11.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:41:11.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:11.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:12.911] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26413 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.3.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.3.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d16687c3c0b50498625a7256a97f8f765026f35b8d948d586dbd97f1a98880b3&X-Amz-Date=20251211T034112Z"} [2025-12-11 11:41:12.911] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:12.911] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:12.911] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:12.911] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:12.911] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:12.912] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:15.166] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.3.17610986931140.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765453275165, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:15.166] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 11:41:15.166] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:15.166] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:16.050] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24761 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.4.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.4.17610986931140.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cd296dfa3bd87f4dcfcf605e61dae8cde32e78c76d34f0c19c9c0ee28042e48b&X-Amz-Date=20251211T034115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:41:16.051] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:16.051] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:16.051] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:16.051] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:16.051] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:16.051] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:17.200] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.4.17610986931140.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765453277199, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:17.200] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:41:19.589] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24762 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.5.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.5.17610986931140.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ad203548355d6c11216f4981deb152d48ed75cfbfe0ff8201751d3d0cc879146&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T034119Z"} [2025-12-11 11:41:19.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:19.589] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:19.589] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:19.589] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:19.589] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:19.590] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:20.950] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.5.17610986931140.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765453280949, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:20.950] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 11:41:20.950] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:20.950] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:22.730] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26414 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.6.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.6.17610986931140.jsonl?X-Amz-Date=20251211T034122Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8081b20447934dcf6eb514c5a075365ff0904f46c850dfee7704dc3cab373bb5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 11:41:22.730] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:22.730] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:22.731] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:22.731] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:22.731] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:22.731] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:23.622] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.6.17610986931140.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765453283621, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:23.622] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:41:23.622] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:23.622] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:25.956] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25155 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.7.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.7.17610986931140.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9380abdec4699d21b7bb05c01a5843eab1aea522f200b58d600ef353a07af4e1&X-Amz-Date=20251211T034125Z&X-Amz-Expires=604800"} [2025-12-11 11:41:25.957] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:25.957] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:25.957] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:25.957] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:25.957] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:25.958] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:27.333] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.7.17610986931140.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765453287333, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:27.334] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:41:27.334] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:27.334] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:29.171] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25156 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.8.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.8.17610986931140.jsonl?X-Amz-Date=20251211T034128Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8fc47ac73ee20645e1f0e6584303dda6b380ac5cd11c54b87e8214eabb52cc31&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:41:29.171] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:29.171] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:29.171] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:29.171] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:29.171] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:29.172] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:30.544] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.8.17610986931140.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765453290543, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:30.544] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:41:30.544] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:30.544] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:32.359] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25157 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.17610986931140.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.17610986931140.jsonl?X-Amz-Signature=850683608b2b1c962623d7d2d8586bf72bbcf7bb504a5433a064c4038d6cac2f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T034131Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:41:32.360] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:32.360] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:32.360] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:32.360] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:32.360] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:32.360] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:33.725] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.17610986931140.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765453293724, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:41:33.725] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:41:33.725] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:41:33.725] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:41:35.750] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25158 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.1765424440.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.1765424440.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T034135Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b5c65e547f1d55b6e6c1adc6e8bd2301d7df5beb1cc58c6682c4258dd1d5b234"} [2025-12-11 11:41:35.750] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:41:35.750] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:41:35.750] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:41:35.750] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:41:35.750] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:41:35.750] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:41:35.756] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.1765424440.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765453295755, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 11:41:35.756] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:50:10.684] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24763 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.10.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.10.17610986931150.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035010Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8f933523a6af4a0ebfd726deb91951f4a77d24cd57d79690c218c9a51b767b1e"} [2025-12-11 11:50:10.684] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:10.684] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:10.684] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:10.684] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:10.684] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:10.686] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:12.037] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.10.17610986931150.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765453812036, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:12.037] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 11:50:12.037] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:12.037] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:13.819] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24764 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.11.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.11.17610986931150.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T035013Z&X-Amz-Expires=604800&X-Amz-Signature=fb9c937717e3753b6b879bb53231e253c19962533034d3806d057aa37c53fb18"} [2025-12-11 11:50:13.819] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:13.819] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:13.819] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:13.819] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:13.820] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:13.820] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:15.310] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.11.17610986931150.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765453815309, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:15.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:50:15.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:15.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:16.972] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24765 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.1.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.1.17610986931150.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035016Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9ffe5d6828d3f2bcc219dfc313cd3fcf739a1dbf1cb4e035988e89c1febab522"} [2025-12-11 11:50:16.972] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:16.972] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:16.972] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:16.972] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:16.972] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:16.973] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:18.642] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.1.17610986931150.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765453818641, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:18.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:50:18.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:18.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:20.180] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26415 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.12.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.12.17610986931150.jsonl?X-Amz-Date=20251211T035019Z&X-Amz-Signature=527c577b42322138b8eb581eaec3a26e55e6b27830e44453e822402991039b4f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 11:50:20.180] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:20.180] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:20.180] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:20.180] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:20.180] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:20.180] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:21.852] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.12.17610986931150.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765453821851, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:21.852] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:50:21.852] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:21.852] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:23.339] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26416 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.13.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.13.17610986931150.jsonl?X-Amz-Signature=fedfe73b69b24261bb652699ccbf2de5aa2d24a458e54126fa149f51c5e67ee0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035022Z&X-Amz-Expires=604800"} [2025-12-11 11:50:23.339] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:23.339] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:23.340] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:23.340] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:23.340] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:23.340] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:25.172] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.13.17610986931150.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765453825171, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:25.172] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:50:25.172] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:25.172] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:26.736] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24766 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.14.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.14.17610986931150.jsonl?X-Amz-Date=20251211T035026Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=843030c39c533b12677a7e5ac8b2abe308041d15e906f7c3fd4f8a6a6c6c4be1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:50:26.736] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:26.736] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:26.736] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:26.736] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:26.736] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:26.737] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:28.352] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.14.17610986931150.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765453828351, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:28.352] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:50:28.352] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:28.352] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:29.862] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25159 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.15.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.15.17610986931150.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035029Z&X-Amz-Expires=604800&X-Amz-Signature=7c2fece2af9c707637d638210fc38bab55f14d2c48ee0d4b17dac8aa295c8b83&X-Amz-SignedHeaders=host"} [2025-12-11 11:50:29.863] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:29.863] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:29.863] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:29.863] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:29.863] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:29.863] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:31.409] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.15.17610986931150.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765453831408, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:31.409] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:50:31.409] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:31.409] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:33.140] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26417 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.16.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.16.17610986931150.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T035032Z&X-Amz-Signature=b1a82cc5d33ebae29a434fb5c295b8216c57d7c5e1bc33f3d28f2d2d79cda072&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:50:33.140] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:33.140] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:33.140] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:33.140] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:33.140] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:33.141] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:35.047] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.16.17610986931150.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765453835046, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:35.047] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:50:35.047] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:35.047] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:36.601] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26418 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.17.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.17.17610986931150.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035036Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2ca9773b453e48a84ecc4ece7fb291ba0ba4c51f628aa96d6134d18c73e49ca4"} [2025-12-11 11:50:36.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:36.601] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:36.602] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:36.602] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:36.602] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:36.603] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:37.937] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.17.17610986931150.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765453837936, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:37.937] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 11:50:37.937] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:37.937] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:39.747] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24767 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.18.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.18.17610986931150.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1db22cb256d7b270745f59d5c63f518672a7dd3511cc08dc2d6c2b9e02fbb981&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035039Z"} [2025-12-11 11:50:39.747] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:39.747] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:39.747] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:39.747] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:39.747] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:39.748] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:41.136] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.18.17610986931150.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765453841135, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:41.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:50:41.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:41.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:42.886] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26419 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.19.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.19.17610986931150.jsonl?X-Amz-Signature=e1e3573dcebe5b4bb83e2362dc96f36dfc8aee73f2b5689ccf4a80c0a03f6225&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035042Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:50:42.886] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:42.886] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:42.886] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:42.886] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:42.886] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:42.887] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:44.156] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.19.17610986931150.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765453844155, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:44.156] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:50:44.156] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:44.156] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:46.061] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26420 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.20.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.20.17610986931150.jsonl?X-Amz-Date=20251211T035045Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cfeddee79567a0cd0defa77ca2c009820a2e472b7e3e463fbc284fe4d8bfa84b"} [2025-12-11 11:50:46.061] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:46.061] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:46.061] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:46.061] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:46.061] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:46.061] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:47.300] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.20.17610986931150.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765453847299, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 11:50:47.300] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:50:47.300] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:47.300] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:49.197] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25160 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.21.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.21.17610986931150.jsonl?X-Amz-Date=20251211T035048Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=87a6ddcb81377fb2ab50089d0e5e34acfeca9be36484fa605fcc0362a77cc90b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 11:50:49.197] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:49.197] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:49.197] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:49.198] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:49.198] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:49.198] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:50.658] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.21.17610986931150.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765453850657, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:50.658] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:50:52.430] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24768 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.2.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.2.17610986931150.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=14855bb83a6218ca6bb0632d6c2b57b5b5f9323824957d1d68800f100dd051d7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035052Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 11:50:52.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:52.430] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:52.431] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:52.431] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:52.431] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:52.431] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:54.385] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.2.17610986931150.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765453854384, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:50:54.385] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:50:54.385] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:54.385] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:55.938] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26421 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.22.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.22.17610986931150.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b58c1cb7db18f84106fded274f9de1b4a627eda6c75a4cc74f576c1f230640e0&X-Amz-Date=20251211T035055Z"} [2025-12-11 11:50:55.938] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:55.938] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:55.938] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:55.938] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:55.938] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:55.938] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:50:57.322] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.22.17610986931150.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765453857321, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 11:50:57.322] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:50:57.322] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:50:57.322] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:50:59.888] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26422 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.23.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.23.17610986931150.jsonl?X-Amz-Signature=85c545b3ea7f5fd1c7050ce0782a7353df0a0f9d0fe00fa96f9f12a0c3d461fd&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035059Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:50:59.888] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:50:59.888] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:50:59.888] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:50:59.888] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:50:59.888] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:50:59.889] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:01.426] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.23.17610986931150.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765453861425, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:01.426] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:51:01.426] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:01.426] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:03.112] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25161 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.24.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.24.17610986931150.jsonl?X-Amz-Date=20251211T035102Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d3f3b92def52cb390909d74cbca40853ece0e8e722ae0f0b35f684c163a4d49d"} [2025-12-11 11:51:03.112] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:03.113] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:03.113] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:03.113] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:03.113] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:03.114] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:04.376] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.24.17610986931150.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765453864375, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 11:51:04.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:51:04.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:04.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:06.537] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26423 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.25.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.25.17610986931150.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035106Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=94ed5409e2d759ef7f48088bd7f30ce50f5468176aea1e004e108daaa254c845"} [2025-12-11 11:51:06.537] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:06.537] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:06.537] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:06.537] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:06.537] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:06.538] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:07.854] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.25.17610986931150.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765453867853, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:07.854] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:51:07.854] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:07.854] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:09.787] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25162 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.26.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.26.17610986931150.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=9d6779928022731e92c8a22c84377cd3da3c281c1c2822948285635160eedcba&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035109Z"} [2025-12-11 11:51:09.787] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:09.787] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:09.787] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:09.787] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:09.787] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:09.788] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:11.461] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.26.17610986931150.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765453871460, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:11.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 11:51:11.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:11.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:13.009] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25163 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.3.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.3.17610986931150.jsonl?X-Amz-Signature=c671e992b9c1a3d85e004404d4783274825e5c6cc63438074bd1b12214e511bf&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035112Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 11:51:13.009] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:13.009] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:13.009] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:13.009] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:13.009] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:13.010] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:15.189] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.3.17610986931150.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765453875188, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:15.189] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 11:51:15.189] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:15.189] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:16.140] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26424 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.4.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.4.17610986931150.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035115Z&X-Amz-Signature=d1266c1116b19878b70c74e19da7e02dfaacef2fec0e262ae72b81981ee7672e&X-Amz-Expires=604800"} [2025-12-11 11:51:16.140] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:16.140] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:16.140] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:16.140] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:16.140] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:16.141] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:17.273] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.4.17610986931150.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765453877271, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:17.273] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 11:51:19.663] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24769 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.5.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.5.17610986931150.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ea7593155fd5ccfa42a3c95aef8fe3bec257cd00a293a819aa7a4a51640378a3&X-Amz-Date=20251211T035119Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:51:19.664] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:19.664] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:19.664] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:19.664] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:19.664] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:19.664] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:21.018] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.5.17610986931150.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765453881018, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:21.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 11:51:21.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:21.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:22.805] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24770 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.6.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.6.17610986931150.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T035122Z&X-Amz-Expires=604800&X-Amz-Signature=46d50ca095480a944c8718067dd3d480ac365adbb42bdfc19136a4de796bbe9c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 11:51:22.805] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:22.805] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:22.805] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:22.805] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:22.805] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:22.806] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:23.733] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.6.17610986931150.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765453883732, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:23.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:51:23.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:23.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:26.077] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25164 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.7.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.7.17610986931150.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f57089b2f2699e270ccbe44e93939e57bf0f0b7a7077c8d94a79cf769a94f620&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T035125Z"} [2025-12-11 11:51:26.077] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:26.077] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:26.078] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:26.078] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:26.078] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:26.078] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:27.392] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.7.17610986931150.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765453887392, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 11:51:27.392] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 11:51:27.393] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:27.393] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:29.269] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26425 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.8.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.8.17610986931150.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T035128Z&X-Amz-Signature=8214a27fe3e1a8cf23a6f8cb18e0cf8c41e5521220959ddf0852a3c2e50d908f&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 11:51:29.269] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:29.269] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:29.269] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:29.269] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:29.269] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:29.270] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:30.642] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.8.17610986931150.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765453890641, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 11:51:30.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 11:51:30.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:30.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:51:32.460] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25165 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.17610986931150.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.17610986931150.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T035131Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3beffd3166e268b95f103dc5e6279d9b79c76d86eb24c833f3da0b432b62be67"} [2025-12-11 11:51:32.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:51:32.461] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:51:32.461] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:51:32.461] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:51:32.461] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:51:32.461] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:51:33.836] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.17610986931150.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765453893835, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 11:51:33.836] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 11:51:33.836] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 11:51:33.836] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 11:55:49.220] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26426 key: NULL payload: {"bucket":"2025-12-11","object":"11/output/cnn/alert.pcap.9.1765425341.jsonl","url":"http://111.32.12.11:9000/2025-12-11/11/output/cnn/alert.pcap.9.1765425341.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9d6fdcc791eaad1715b3b19a2b7991eef5ce26220e2cea1062346652e493b926&X-Amz-Date=20251211T035548Z&X-Amz-Expires=604800"} [2025-12-11 11:55:49.221] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 11:55:49.221] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 11:55:49.221] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 11:55:49.221] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 11:55:49.221] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 11:55:49.222] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 11:55:49.231] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:11/output/cnn/alert.pcap.9.1765425341.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765454149230, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 11:55:49.231] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:00:10.764] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26427 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.10.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.10.17610986931200.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3bb2ffa953ca45d0905d20f488707183b098afbaeea682eb2ac2f03e97102471&X-Amz-Date=20251211T040010Z&X-Amz-Expires=604800"} [2025-12-11 12:00:10.764] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:10.764] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:10.764] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:10.764] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:10.764] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:10.765] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:12.123] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.10.17610986931200.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765454412122, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:12.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:00:12.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:12.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:13.913] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26428 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.11.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.11.17610986931200.jsonl?X-Amz-Signature=d5055ef644b31f4f3a3fb88a770717f0074f04db75558e0d333f272b6b9ce67d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T040013Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 12:00:13.913] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:13.913] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:13.913] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:13.913] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:13.913] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:13.914] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:15.378] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.11.17610986931200.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765454415377, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:15.378] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:00:15.378] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:15.378] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:17.106] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26429 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.1.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.1.17610986931200.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9d9003569e6ff2e52ceee1d18ea1e9258c8591f8f3f2b2a626bb6cfd64f2ef24&X-Amz-Date=20251211T040016Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:00:17.106] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:17.106] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:17.106] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:17.106] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:17.106] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:17.106] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:18.794] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.1.17610986931200.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765454418793, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:18.794] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:00:18.794] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:18.794] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:20.317] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24771 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.12.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.12.17610986931200.jsonl?X-Amz-Signature=b269d4b28732c5b1cd06d0ad6ba58f0e2871557c776add07f8d30d7f0ab726f7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040019Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:00:20.317] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:20.317] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:20.317] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:20.317] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:20.317] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:20.318] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:22.026] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.12.17610986931200.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765454422025, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:22.026] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:00:22.026] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:22.026] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:23.473] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26430 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.13.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.13.17610986931200.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T040023Z&X-Amz-Signature=43e0d028970241277f70df2bbcc0137cb379a0229e762b65366c7b439d16a510"} [2025-12-11 12:00:23.474] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:23.474] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:23.474] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:23.474] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:23.474] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:23.475] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:25.299] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.13.17610986931200.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765454425298, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:25.299] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:00:25.299] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:25.299] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:26.850] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25166 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.14.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.14.17610986931200.jsonl?X-Amz-Date=20251211T040026Z&X-Amz-Expires=604800&X-Amz-Signature=9aad2e63998bae250d143c5a3f42d3e86ff06fab65b9d529d268c17602043f7f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:00:26.851] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:26.851] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:26.851] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:26.851] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:26.851] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:26.851] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:28.432] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.14.17610986931200.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765454428431, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:28.432] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:00:28.432] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:28.432] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:29.975] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25167 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.15.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.15.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1b64767399ab17ae82307573d682ba39003e09012f4a8354b99fde6b7ed31418&X-Amz-Date=20251211T040029Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:00:29.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:29.975] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:29.975] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:29.975] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:29.975] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:29.976] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:31.513] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.15.17610986931200.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765454431512, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:31.513] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:00:31.513] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:31.513] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:33.313] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25168 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.16.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.16.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T040032Z&X-Amz-Signature=56b812255bb4427967d85d2762344cf82fa961401e5a09d26df047053a9d2c5b&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:00:33.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:33.313] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:33.313] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:33.313] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:33.313] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:33.313] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:35.412] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.16.17610986931200.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765454435411, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:35.412] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:00:35.412] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:35.412] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:36.772] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24772 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.17.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.17.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040036Z&X-Amz-Expires=604800&X-Amz-Signature=68590850c9be41d273615d4c208da3da5b5bad95f3b699b92e1e2dfc29ad6c67"} [2025-12-11 12:00:36.772] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:36.772] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:36.772] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:36.772] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:36.772] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:36.773] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:38.085] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.17.17610986931200.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765454438085, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:38.085] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:00:38.085] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:38.085] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:39.909] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25169 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.18.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.18.17610986931200.jsonl?X-Amz-Date=20251211T040039Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c63cfc384729805874b99c6cc6a5944f2315763b8f57e0112093cc89b85f12cb&X-Amz-SignedHeaders=host"} [2025-12-11 12:00:39.909] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:39.909] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:39.909] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:39.910] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:39.910] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:39.910] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:41.646] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.18.17610986931200.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765454441645, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:41.646] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:00:41.646] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:41.646] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:43.050] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26431 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.19.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.19.17610986931200.jsonl?X-Amz-Date=20251211T040042Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4d1027a2964d7f42c5d0a60441878aea4a9a74b0a883ab549d112fe1c4185262"} [2025-12-11 12:00:43.050] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:43.050] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:43.050] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:43.050] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:43.050] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:43.107] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:44.363] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.19.17610986931200.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765454444362, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:44.363] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:00:44.363] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:44.363] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:46.279] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26432 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.20.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.20.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f1013943dde2933a68ddcd43e0def082eb873c698859aa964bcb7f21cd3a70b3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T040045Z&X-Amz-Expires=604800"} [2025-12-11 12:00:46.279] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:46.279] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:46.280] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:46.280] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:46.280] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:46.280] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:47.516] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.20.17610986931200.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765454447515, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:00:47.516] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:00:47.516] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:47.516] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:49.464] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26433 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.21.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.21.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=cd8e17c9132b0aafe807413f1de69f7155d68c214d01a9017290015545e9e7d0&X-Amz-Date=20251211T040049Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:00:49.464] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:49.464] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:49.465] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:49.465] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:49.465] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:49.470] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:50.981] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.21.17610986931200.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765454450980, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:50.981] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:00:52.664] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24773 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.2.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.2.17610986931200.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040052Z&X-Amz-Expires=604800&X-Amz-Signature=4e43e3d2fe4c3710cabdcc7fffdd9792b633dff55fb66a23e67a38abeb06bc17&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:00:52.664] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:52.664] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:52.665] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:52.665] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:52.665] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:52.666] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:54.647] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.2.17610986931200.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765454454646, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:54.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:00:54.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:54.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:00:56.174] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25170 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.22.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.22.17610986931200.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040055Z&X-Amz-Signature=f758fe77c3838f2de1b4b7048a6e3347d06b0947327814d7a454db3e22776b28&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:00:56.174] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:00:56.174] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:00:56.174] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:00:56.174] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:00:56.174] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:00:56.175] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:00:57.510] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.22.17610986931200.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765454457509, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:00:57.510] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:00:57.510] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:00:57.510] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:00.039] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25171 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.23.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.23.17610986931200.jsonl?X-Amz-Date=20251211T040059Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0f3f80c4f89a31bd2bdc4c89b86c0cbe6ec188db9001ab5b4921674e013c543d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:01:00.039] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:00.039] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:00.039] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:00.040] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:00.040] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:00.040] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:01.602] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.23.17610986931200.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765454461601, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:01.602] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:01:01.602] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:01.602] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:03.265] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25172 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.24.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.24.17610986931200.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=211ae3f8085d9a5300a145853dd4e15e0240c209d4ece076b07e251931faa7f6&X-Amz-Expires=604800&X-Amz-Date=20251211T040102Z"} [2025-12-11 12:01:03.265] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:03.265] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:03.265] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:03.265] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:03.265] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:03.265] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:04.591] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.24.17610986931200.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765454464590, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:04.591] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:01:04.591] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:04.591] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:06.691] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25173 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.25.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.25.17610986931200.jsonl?X-Amz-Signature=9bb98c449baea2cb82b8cd94752ff86527cdf2da65553f6734e0504fb3be90b7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040106Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:01:06.691] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:06.691] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:06.691] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:06.691] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:06.691] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:06.692] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:08.007] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.25.17610986931200.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765454468006, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:08.007] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:01:08.007] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:08.007] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:09.935] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25174 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.26.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.26.17610986931200.jsonl?X-Amz-Signature=7c9d43a995444699b8427cfe12d45f0675c0316868b4290f3e2746fd79a1bf36&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040109Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:01:09.936] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:09.936] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:09.936] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:09.936] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:09.936] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:09.936] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:11.605] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.26.17610986931200.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765454471604, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:11.605] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:01:11.605] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:11.605] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:13.160] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24774 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.3.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.3.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T040112Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=17a4b28ccff044b92829023163ce0ba98fb2730c1f1023816e5aa7fed812058a"} [2025-12-11 12:01:13.160] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:13.160] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:13.160] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:13.161] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:13.161] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:13.161] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:15.434] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.3.17610986931200.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765454475433, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:15.434] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:01:15.434] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:15.434] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:16.291] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26434 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.4.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.4.17610986931200.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=94887586dff3f8ae5ec0a42db06fa1e6405807c3b2cc625278942476454fd3a7"} [2025-12-11 12:01:16.291] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:16.291] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:16.291] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:16.292] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:16.292] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:16.292] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:17.461] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.4.17610986931200.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765454477460, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:17.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:01:19.782] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26435 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.5.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.5.17610986931200.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T040119Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=aa5b7e3a8f1e9c00b240f12f1f89d8df7f1565e6b9fcfcd10b58a5cae7d81322"} [2025-12-11 12:01:19.782] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:19.782] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:19.782] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:19.782] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:19.782] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:19.783] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:21.208] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.5.17610986931200.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765454481207, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:21.208] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:01:21.208] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:21.208] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:22.927] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24775 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.6.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.6.17610986931200.jsonl?X-Amz-Signature=2660d8d49504bac2a2beff715fa178ab6d5d077b02e7396da87c274dfa8ecdfa&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T040122Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:01:22.927] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:22.927] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:22.927] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:22.927] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:22.927] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:22.928] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:23.843] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.6.17610986931200.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765454483843, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:01:23.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:01:23.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:23.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:26.140] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24776 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.7.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.7.17610986931200.jsonl?X-Amz-Date=20251211T040125Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c6434888f9c95368d8a108560f33e0f162848abbb54da58ae1808a7304527761&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:01:26.140] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:26.140] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:26.140] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:26.140] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:26.140] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:26.141] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:27.375] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.7.17610986931200.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765454487374, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:27.375] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:01:27.375] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:27.375] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:29.329] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24777 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.8.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.8.17610986931200.jsonl?X-Amz-Date=20251211T040128Z&X-Amz-Signature=e4249ff92091751b162bcb8b11c95bbae7cff0e9a189e01de8324a63d5c8fceb&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:01:29.329] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:29.329] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:29.329] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:29.329] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:29.329] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:29.329] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:30.609] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.8.17610986931200.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765454490608, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:30.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:01:30.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:30.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:01:32.527] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26436 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.17610986931200.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.17610986931200.jsonl?X-Amz-Signature=83ef78a40b9d58d46807cab1391d98d764625f0707d8d7937c224ace25e21a32&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T040132Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 12:01:32.527] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:01:32.527] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:01:32.527] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:01:32.527] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:01:32.527] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:01:32.527] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:01:33.841] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.17610986931200.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765454493840, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:01:33.841] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:01:33.841] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:01:33.841] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:10.874] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26437 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.10.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.10.17610986931210.jsonl?X-Amz-Signature=dd5a9201276efe797eba2094bbde01af86b6a656f1b1c12e21f2f1fe5b0e1ed1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T041010Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:10:10.874] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:10.874] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:10.874] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:10.874] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:10.874] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:10.874] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:12.060] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.10.17610986931210.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765455012059, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:12.060] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:10:12.060] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:12.060] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:14.064] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25175 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.11.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.11.17610986931210.jsonl?X-Amz-Signature=a4393be210483c405ea54d7906510d2e1875dcd13397d82d1d3b531fdddab8ae&X-Amz-Date=20251211T041013Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:10:14.064] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:14.064] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:14.064] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:14.064] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:14.064] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:14.065] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:15.438] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.11.17610986931210.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765455015437, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:15.438] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:10:15.438] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:15.438] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:17.216] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25176 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.1.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.1.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fa09a5b585109200767c80b7c8957735466e7a42ea62718bde3d7bbc216c0e67&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041016Z"} [2025-12-11 12:10:17.216] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:17.216] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:17.216] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:17.216] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:17.216] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:17.216] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:18.905] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.1.17610986931210.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765455018904, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:18.905] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:10:18.905] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:18.905] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:20.413] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26438 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.12.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.12.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041019Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=bd5a8c85baa85a8a5818e434fa09c75d42f42e49b5db4e9bae5735530d597e3e"} [2025-12-11 12:10:20.413] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:20.413] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:20.414] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:20.414] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:20.414] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:20.414] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:22.108] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.12.17610986931210.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765455022107, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:22.108] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:10:22.108] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:22.108] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:23.585] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25177 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.13.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.13.17610986931210.jsonl?X-Amz-Signature=3ef529fa07e5286547cff5c6d65c139bb36e1e4d34e679ceff475537855e6e52&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041023Z&X-Amz-Expires=604800"} [2025-12-11 12:10:23.585] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:23.585] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:23.585] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:23.585] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:23.585] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:23.585] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:25.381] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.13.17610986931210.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765455025380, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:25.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:10:25.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:25.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:26.963] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25178 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.14.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.14.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T041026Z&X-Amz-Expires=604800&X-Amz-Signature=e7d08fbdaa36c01be58d99193c5e7bae341f17807c8131a3d2c81bafa8382a9d"} [2025-12-11 12:10:26.963] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:26.963] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:26.963] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:26.963] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:26.963] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:26.964] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:28.540] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.14.17610986931210.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765455028539, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-11 12:10:28.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:10:28.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:28.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:30.088] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26439 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.15.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.15.17610986931210.jsonl?X-Amz-Date=20251211T041029Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2d2d259446f76ed55428b771b9b646d98908519ce5d85924edddd147ac96741e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 12:10:30.088] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:30.088] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:30.088] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:30.088] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:30.088] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:30.089] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:31.593] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.15.17610986931210.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765455031593, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:31.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:10:31.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:31.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:33.432] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25179 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.16.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.16.17610986931210.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=def73f9c1f39d1f7cd27884e5d3396c172aebac03b4164fc80b477174ee0fa6d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041033Z"} [2025-12-11 12:10:33.432] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:33.432] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:33.432] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:33.432] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:33.432] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:33.433] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:35.350] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.16.17610986931210.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765455035349, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:35.350] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:10:35.350] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:35.350] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:36.908] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24778 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.17.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.17.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=832ce37e97b961d61f64c668c307d444c37e2e88c0df1ff2a130b1a3a4cc6842&X-Amz-Date=20251211T041036Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:10:36.908] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:36.908] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:36.909] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:36.909] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:36.909] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:36.909] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:38.200] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.17.17610986931210.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765455038198, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:38.200] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:10:38.200] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:38.200] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:40.042] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26440 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.18.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.18.17610986931210.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041039Z&X-Amz-Signature=351677f0af41a4475fdc67b9adbaf12eb64b8cec5c6d097afa24466f59df5dfd"} [2025-12-11 12:10:40.042] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:40.042] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:40.042] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:40.042] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:40.042] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:40.044] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:41.354] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.18.17610986931210.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765455041353, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:41.354] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:10:41.354] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:41.354] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:43.179] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24779 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.19.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.19.17610986931210.jsonl?X-Amz-Date=20251211T041042Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=db2f5d3a77c7e3c5c4a06b3c24dfaeaff38c0e4c0ad98ca23f20dfd51dad4654&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 12:10:43.179] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:43.179] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:43.180] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:43.180] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:43.180] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:43.180] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:44.363] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.19.17610986931210.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765455044363, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:44.363] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:10:44.364] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:44.364] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:46.370] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25180 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.20.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.20.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c025e52b4ad1f400f795bc8533f39e5f71c070ef4bd2eb75ebd9926cb6eed853&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041045Z"} [2025-12-11 12:10:46.370] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:46.370] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:46.370] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:46.370] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:46.370] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:46.371] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:47.610] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.20.17610986931210.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765455047610, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:47.610] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:10:47.610] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:47.610] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:49.510] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26441 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.21.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.21.17610986931210.jsonl?X-Amz-Date=20251211T041049Z&X-Amz-Signature=d91a0de8e2808112aada7ff2340a4fdc7729909b23defcb6d30c7492e7da316e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 12:10:49.510] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:49.510] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:49.511] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:49.511] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:49.511] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:49.511] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:50.950] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.21.17610986931210.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765455050950, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:50.951] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:10:52.700] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25181 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.2.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.2.17610986931210.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=821505efe5f50760f9e0d999c4204789448dd61ae53173d56dd5b196039118a5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041052Z"} [2025-12-11 12:10:52.700] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:52.700] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:52.700] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:52.700] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:52.700] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:52.700] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:54.651] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.2.17610986931210.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765455054650, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:54.651] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:10:54.651] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:54.651] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:56.201] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24780 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.22.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.22.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bc1376251896cc13b74b7bfa7355d5536aa8e03783f760a6a84281c024fce9a5&X-Amz-Date=20251211T041055Z"} [2025-12-11 12:10:56.201] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:56.201] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:56.202] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:56.202] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:56.202] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:56.202] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:10:57.513] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.22.17610986931210.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765455057512, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:10:57.513] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:10:57.513] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:10:57.513] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:10:59.883] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25182 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.23.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.23.17610986931210.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T041059Z&X-Amz-Signature=2e1c19ce4adb2b2467fee5bdc553723986d7251c1f4d7fac30ba9bcc94129f22&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:10:59.883] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:10:59.883] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:10:59.883] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:10:59.883] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:10:59.883] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:10:59.884] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:01.420] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.23.17610986931210.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765455061419, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:01.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:11:01.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:01.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:03.109] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24781 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.24.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.24.17610986931210.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041102Z&X-Amz-SignedHeaders=host&X-Amz-Signature=70b148a7f4c793c521f2f7fb5b11328fae043f72f70aa7b76aedd576210efcfc"} [2025-12-11 12:11:03.109] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:03.109] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:03.109] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:03.109] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:03.109] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:03.110] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:04.411] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.24.17610986931210.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765455064410, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 12:11:04.411] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:11:04.411] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:04.411] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:06.523] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25183 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.25.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.25.17610986931210.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=25a44576ed89322a630c2675bbdb0d2e6667a0aada17f4c734d194b772a11d5c&X-Amz-Date=20251211T041106Z"} [2025-12-11 12:11:06.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:06.523] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:06.524] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:06.524] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:06.524] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:06.525] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:07.844] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.25.17610986931210.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765455067843, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:07.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:11:07.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:07.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:09.781] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25184 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.26.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.26.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041109Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7a3e4eaa0593582d9cb7132516ca5cc462ecfcdb239c01e5e0a40fe7a7474fae"} [2025-12-11 12:11:09.781] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:09.781] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:09.781] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:09.781] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:09.781] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:09.782] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:11.460] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.26.17610986931210.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765455071459, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:11.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:11:11.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:11.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:13.009] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25185 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.3.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.3.17610986931210.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=be2e3e73075deeca5ad507f896c6530126caca1cdc659172acc1ab0bf918974c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041112Z"} [2025-12-11 12:11:13.010] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:13.010] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:13.010] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:13.010] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:13.010] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:13.010] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:15.258] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.3.17610986931210.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765455075257, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:11:15.258] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:11:15.258] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:15.258] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:16.148] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25186 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.4.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.4.17610986931210.jsonl?X-Amz-Signature=d7d0590c19603e0417b3a0f9e24866bfeb3fe14006b18ffeb45599409b59fee5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T041115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:11:16.148] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:16.148] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:16.148] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:16.148] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:16.149] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:16.149] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:17.301] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.4.17610986931210.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765455077300, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:17.301] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:11:19.684] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26442 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.5.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.5.17610986931210.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7f974ccb1d6aac9378de8788b8696062e19771b5a3d398ceb99177f5f6cb4f73&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041119Z"} [2025-12-11 12:11:19.684] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:19.684] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:19.684] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:19.684] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:19.684] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:19.685] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:20.977] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.5.17610986931210.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765455080976, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:20.977] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:11:20.977] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:20.977] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:22.825] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26443 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.6.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.6.17610986931210.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f00edbe83ce86c8f65e0ad1c79ea0e4df26c134bb9f75b1379a0817e82199f44&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041122Z"} [2025-12-11 12:11:22.825] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:22.825] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:22.825] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:22.825] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:22.825] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:22.826] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:23.754] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.6.17610986931210.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765455083753, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:23.754] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:11:23.754] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:23.754] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:26.038] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25187 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.7.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.7.17610986931210.jsonl?X-Amz-Date=20251211T041125Z&X-Amz-Expires=604800&X-Amz-Signature=4bdf6a5b650eb9930d7009ef97bf0447a0e081d0b38f300703f4c371d0daf13a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:11:26.038] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:26.038] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:26.038] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:26.038] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:26.038] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:26.039] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:27.376] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.7.17610986931210.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765455087375, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:27.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:11:27.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:27.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:29.231] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26444 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.8.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.8.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T041128Z&X-Amz-Expires=604800&X-Amz-Signature=bbe51f0af60cef935a67b098699c54deecdc26706847476858d6491ec26a2b19&X-Amz-SignedHeaders=host"} [2025-12-11 12:11:29.231] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:29.231] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:29.231] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:29.231] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:29.231] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:29.231] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:30.633] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.8.17610986931210.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765455090632, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:30.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:11:30.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:30.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:32.424] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24782 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.17610986931210.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.17610986931210.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T041132Z&X-Amz-Expires=604800&X-Amz-Signature=8bdad3e00f0395f10ff0eee139299dbad2315cc0a0b5ae35660fc9f9a5c58f41&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:11:32.424] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:32.424] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:32.424] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:32.424] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:32.424] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:32.425] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:33.801] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.17610986931210.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765455093800, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:11:33.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:11:33.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:11:33.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:11:35.782] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26445 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.1765426242.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.1765426242.jsonl?X-Amz-Signature=3f6ad66661d73cb3bcaa8d1a67a99a7f9c13489038283f7fe956a74cadc4ba98&X-Amz-Expires=604800&X-Amz-Date=20251211T041135Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:11:35.782] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:11:35.782] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:11:35.783] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:11:35.783] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:11:35.783] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:11:35.784] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:11:35.789] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.1765426242.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765455095788, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 12:11:35.789] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:20:10.960] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25188 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.10.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.10.17610986931220.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042010Z&X-Amz-Signature=9484be8aba447c0a66444d345422a2c27ca310fd424b84e2fb5b260dc0f645a9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:20:10.960] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:10.960] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:10.960] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:10.960] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:10.960] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:10.961] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:12.203] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.10.17610986931220.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765455612202, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:12.203] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:20:12.203] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:12.203] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:14.098] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26446 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.11.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.11.17610986931220.jsonl?X-Amz-Signature=3d99e38b90c5f4647c9041eaaa9104a9ea718071f9e323f9a817c2f59a86bcd4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042013Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:20:14.098] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:14.098] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:14.098] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:14.098] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:14.098] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:14.099] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:15.572] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.11.17610986931220.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765455615571, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:15.572] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:20:15.572] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:15.572] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:17.303] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24783 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.1.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.1.17610986931220.jsonl?X-Amz-Date=20251211T042016Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c22bdcccb239bcb57d8b10be584d5a16b394c7477e27da6452d48d9a69d89241"} [2025-12-11 12:20:17.303] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:17.303] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:17.303] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:17.303] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:17.303] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:17.303] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:18.851] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.1.17610986931220.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765455618850, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:18.851] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:20:18.851] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:18.851] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:20.502] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25189 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.12.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.12.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T042020Z&X-Amz-Signature=1a641b0d1a3ce72cc65e8b51405d7bce6e60d11029de2fb2f4fecea5ed603382&X-Amz-SignedHeaders=host"} [2025-12-11 12:20:20.502] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:20.502] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:20.502] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:20.502] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:20.502] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:20.503] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:22.190] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.12.17610986931220.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765455622189, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:22.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:20:22.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:22.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:23.661] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26447 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.13.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.13.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042023Z&X-Amz-Signature=0e8aa748c9a57013f2539a8911c702686cea4b493013dad1e7da980a5e7ecb04&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:20:23.661] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:23.661] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:23.661] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:23.661] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:23.661] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:23.662] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:25.483] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.13.17610986931220.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765455625482, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:25.483] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:20:25.483] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:25.483] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:27.065] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25190 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.14.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.14.17610986931220.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042026Z&X-Amz-Expires=604800&X-Amz-Signature=2a5d6bca4a7c1923ee1d039d5e489d527837e34952fdbd343160db241ca2fc10&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:20:27.065] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:27.065] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:27.066] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:27.066] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:27.066] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:27.066] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:28.668] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.14.17610986931220.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765455628667, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:28.668] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:20:28.668] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:28.668] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:30.189] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25191 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.15.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.15.17610986931220.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d6598dae0be7d2bf6c1c967e8170435b8111ebfeb8889e8b9cfe49f4aa90a3f6&X-Amz-Expires=604800&X-Amz-Date=20251211T042029Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:20:30.189] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:30.189] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:30.189] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:30.189] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:30.189] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:30.190] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:31.713] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.15.17610986931220.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765455631712, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 12:20:31.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:20:31.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:31.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:33.523] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24784 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.16.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.16.17610986931220.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f6e49696399a49001eead151d3d37e613d4086271d575192472aa532ba658b9b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T042033Z"} [2025-12-11 12:20:33.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:33.523] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:33.524] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:33.524] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:33.524] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:33.524] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:35.414] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.16.17610986931220.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765455635413, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:20:35.414] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:20:35.414] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:35.414] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:37.028] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24785 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.17.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.17.17610986931220.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T042036Z&X-Amz-SignedHeaders=host&X-Amz-Signature=663b11ed1b59d003862a1fdf8262935c8ed800b92bd3264840f55d3fb352d900"} [2025-12-11 12:20:37.028] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:37.028] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:37.029] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:37.029] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:37.029] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:37.029] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:38.330] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.17.17610986931220.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765455638329, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:20:38.330] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:20:38.330] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:38.330] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:40.164] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25192 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.18.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.18.17610986931220.jsonl?X-Amz-Date=20251211T042039Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6b542be569be00e227b4a9f680a149142dec20583764e9125d1aba7e33e4e654&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:20:40.164] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:40.164] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:40.165] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:40.165] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:40.165] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:40.166] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:41.556] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.18.17610986931220.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765455641555, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:41.556] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:20:41.556] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:41.556] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:43.310] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25193 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.19.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.19.17610986931220.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T042042Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=16936b7bba6d7428d836526894b65245eb1157632b62a9c99c8ccfcb5820e644"} [2025-12-11 12:20:43.310] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:43.310] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:43.310] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:43.310] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:43.310] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:43.311] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:44.564] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.19.17610986931220.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765455644563, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:44.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:20:44.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:44.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:46.511] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26448 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.20.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.20.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042046Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=45bd7fa4f38b96d42447d9d90c11ad8854fb604dd71450eb6777e12ef5aa6b1d"} [2025-12-11 12:20:46.511] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:46.511] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:46.511] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:46.511] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:46.511] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:46.511] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:47.737] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.20.17610986931220.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765455647737, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:47.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:20:47.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:47.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:49.645] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26449 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.21.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.21.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T042049Z&X-Amz-Signature=dda71a51c2e3789cfcecb0cdd25525674440f9c820b2cf172f3e70dd2ce34e26&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:20:49.645] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:49.645] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:49.645] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:49.645] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:49.645] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:49.646] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:51.082] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.21.17610986931220.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765455651082, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:51.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:20:52.841] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26450 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.2.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.2.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T042052Z&X-Amz-Signature=48e89d993a580791edad9b3b0fecd49f1be227cd244f0488631ef2fbf4b62e63&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:20:52.842] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:52.842] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:52.842] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:52.842] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:52.842] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:52.842] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:54.749] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.2.17610986931220.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765455654748, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:20:54.749] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:20:54.749] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:54.749] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:20:56.349] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24786 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.22.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.22.17610986931220.jsonl?X-Amz-Signature=93a1ab2cf2d9301acf37e26b180934dc4ce002f085773ac69639f9d04c1236a8&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T042055Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:20:56.349] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:20:56.349] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:20:56.349] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:20:56.349] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:20:56.349] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:20:56.350] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:20:57.663] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.22.17610986931220.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765455657662, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:20:57.663] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:20:57.663] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:20:57.663] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:00.209] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24787 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.23.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.23.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-Signature=5418a9976174811749c9e156d180870b50f5f65a3c1cc867dd1c4032dbd8096a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T042059Z"} [2025-12-11 12:21:00.209] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:00.209] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:00.209] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:00.209] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:00.209] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:00.210] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:01.761] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.23.17610986931220.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765455661761, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:01.762] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:21:01.762] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:01.762] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:03.435] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25194 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.24.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.24.17610986931220.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f2ebcbf8de8b77f0ccac5abcdd33ceaf3a993d2e67be41422175ec9d5c4427e4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T042103Z&X-Amz-Expires=604800"} [2025-12-11 12:21:03.435] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:03.435] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:03.435] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:03.435] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:03.435] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:03.436] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:04.742] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.24.17610986931220.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765455664742, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:04.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:21:04.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:04.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:06.856] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24788 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.25.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.25.17610986931220.jsonl?X-Amz-Signature=9c1b8ad18d99b6599fabd7cd1a9808b1d6804c7deaa937d68d8e6df32aff2999&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042106Z&X-Amz-Expires=604800"} [2025-12-11 12:21:06.856] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:06.857] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:06.857] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:06.857] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:06.857] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:06.858] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:08.367] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.25.17610986931220.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765455668366, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:08.367] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:21:08.367] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:08.367] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:10.104] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25195 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.26.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.26.17610986931220.jsonl?X-Amz-Signature=b625608140851b8bf0e848f177b8bac81086f2ae1e75aacbd7b98a560e86d53b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T042109Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:21:10.104] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:10.104] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:10.105] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:10.105] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:10.105] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:10.106] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:11.792] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.26.17610986931220.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765455671791, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:21:11.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:21:11.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:11.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:13.341] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24789 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.3.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.3.17610986931220.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=2ffe9cce31e90db30931f9cc8e5a1985b6cf6f35ee4076a56ecaa85f061b2887&X-Amz-Date=20251211T042112Z"} [2025-12-11 12:21:13.341] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:13.341] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:13.341] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:13.341] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:13.342] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:13.342] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:15.630] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.3.17610986931220.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765455675629, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:15.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:21:15.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:15.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:16.471] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25196 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.4.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.4.17610986931220.jsonl?X-Amz-Signature=2d679086d0516f799c9efa0f5bc2d6d140055158ec85ed6c811b3b8e54821e10&X-Amz-Date=20251211T042115Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:21:16.471] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:16.471] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:16.471] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:16.471] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:16.471] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:16.472] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:17.650] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.4.17610986931220.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765455677649, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:17.650] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:21:20.018] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25197 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.5.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.5.17610986931220.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T042119Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=14d1f0c55b29e317b92d505400cb398f4c0562c1e4076cc0d0d900488fd37210&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 12:21:20.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:20.018] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:20.018] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:20.018] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:20.018] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:20.019] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:21.430] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.5.17610986931220.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765455681429, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-11 12:21:21.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:21:21.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:21.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:23.160] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26451 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.6.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.6.17610986931220.jsonl?X-Amz-Signature=e36c408b40cfc464086eaff2d312c35b74d1247cd811d86995b208ed1ca40af2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T042122Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:21:23.160] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:23.160] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:23.160] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:23.160] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:23.160] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:23.161] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:24.178] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.6.17610986931220.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765455684177, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:24.178] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:21:24.178] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:24.178] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:26.415] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26452 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.7.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.7.17610986931220.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=fbcbcd998668a9e4861ad817d9367bd6750e160f6a59caffd06680a738f63f87&X-Amz-Date=20251211T042126Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:21:26.415] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:26.416] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:26.416] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:26.416] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:26.416] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:26.416] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:27.778] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.7.17610986931220.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765455687777, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:27.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:21:27.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:27.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:29.610] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24790 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.8.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.8.17610986931220.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T042129Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d752ad46419b99dcfb9c2b2be57c725955548349ad18814a23b8f3f2a96d4c7b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:21:29.610] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:29.610] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:29.611] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:29.611] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:29.611] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:29.612] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:30.999] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.8.17610986931220.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765455690998, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:30.999] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:21:30.999] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:30.999] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:21:32.779] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25198 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.17610986931220.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.17610986931220.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d9b1d859303d60dd4fe0508a8acab008491755d30d8ff87dde1192ec197505d8&X-Amz-Date=20251211T042132Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:21:32.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:21:32.779] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:21:32.779] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:21:32.779] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:21:32.779] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:21:32.780] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:21:34.162] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.17610986931220.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765455694162, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:21:34.163] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:21:34.163] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:21:34.163] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:25:52.013] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26453 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.1765427143.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.1765427143.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a2c38ad62c935c379328c9b4244f1a7dbd5d3ce54edd4cac413810e9341c9cb6&X-Amz-Date=20251211T042551Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:25:52.013] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:25:52.013] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:25:52.013] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:25:52.013] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:25:52.013] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:25:52.014] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:25:52.022] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.1765427143.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765455952021, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 12:25:52.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:30:11.044] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25199 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.10.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.10.17610986931230.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043010Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9a13f3323d2df52838ae12b9b52fced7a91eebde1ed338e8fc2f97cac29a50e1&X-Amz-Expires=604800"} [2025-12-11 12:30:11.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:11.044] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:11.044] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:11.044] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:11.044] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:11.045] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:12.398] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.10.17610986931230.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765456212397, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:12.398] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:30:12.398] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:12.398] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:14.181] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26454 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.11.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.11.17610986931230.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043013Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=d91ae60e9a179463ea55066951cc67820c42472568f3e3ea206f17402d2616b2"} [2025-12-11 12:30:14.181] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:14.181] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:14.181] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:14.181] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:14.181] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:14.182] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:15.631] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.11.17610986931230.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765456215630, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:15.631] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:30:15.631] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:15.631] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:17.380] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25200 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.1.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.1.17610986931230.jsonl?X-Amz-Date=20251211T043016Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8036d36380403accfa7658cb5c97d88729261b38586ebd7adb10e82d4ff3dc6a"} [2025-12-11 12:30:17.380] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:17.380] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:17.380] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:17.380] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:17.380] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:17.381] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:19.088] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.1.17610986931230.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765456219087, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:30:19.088] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:30:19.088] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:19.088] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:20.587] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25201 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.12.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.12.17610986931230.jsonl?X-Amz-Signature=60a56c5ae139bd9395542b3e2cdce1a3c7e1e6a1adac3e0f0e7d1470f241098e&X-Amz-Expires=604800&X-Amz-Date=20251211T043020Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:30:20.587] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:20.587] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:20.587] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:20.588] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:20.588] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:20.588] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:22.255] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.12.17610986931230.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765456222254, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:22.255] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:30:22.255] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:22.255] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:23.750] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25202 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.13.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.13.17610986931230.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043023Z&X-Amz-Expires=604800&X-Amz-Signature=d591b4428fcc4420234263b9dc026b4960c16fdb8ba64bb1a7e2b4565f73ab5c&X-Amz-SignedHeaders=host"} [2025-12-11 12:30:23.750] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:23.751] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:23.751] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:23.751] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:23.751] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:23.752] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:25.624] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.13.17610986931230.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765456225623, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:25.624] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:30:25.624] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:25.624] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:27.123] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24791 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.14.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.14.17610986931230.jsonl?X-Amz-Date=20251211T043026Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cb3a71a1a12ae0669e204fa89c8ae8bf6e0104b702e00672dbc75ec7b0d31eb0&X-Amz-Expires=604800"} [2025-12-11 12:30:27.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:27.123] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:27.123] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:27.123] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:27.123] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:27.124] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:28.748] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.14.17610986931230.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765456228747, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:28.748] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:30:28.748] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:28.748] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:30.262] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26455 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.15.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.15.17610986931230.jsonl?X-Amz-Signature=0acd050cb477f70e834c9cf1a56be378e0a7dea836e5f7c8fa8e9b5029b57581&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043029Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:30:30.263] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:30.263] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:30.263] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:30.263] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:30.263] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:30.264] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:31.768] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.15.17610986931230.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765456231768, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:31.769] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:30:31.769] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:31.769] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:33.595] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25203 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.16.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.16.17610986931230.jsonl?X-Amz-Signature=1f44f81642d0a0a90c6bde934de26e46a439bcf075bf3eb5f07c4020c2e0cd08&X-Amz-Date=20251211T043033Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 12:30:33.595] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:33.595] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:33.595] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:33.595] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:33.595] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:33.596] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:35.467] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.16.17610986931230.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765456235466, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:30:35.467] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:30:35.467] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:35.467] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:37.084] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26456 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.17.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.17.17610986931230.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043036Z&X-Amz-SignedHeaders=host&X-Amz-Signature=79a8de34bf047cb98c7749531b8a765cbcb9c8a14d8f03c0bd099fc51382473b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:30:37.084] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:37.084] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:37.084] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:37.084] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:37.084] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:37.084] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:38.386] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.17.17610986931230.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765456238385, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:30:38.386] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:30:38.386] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:38.386] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:40.209] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26457 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.18.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.18.17610986931230.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043039Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=41fbbb7a55efc73e9dc2f8ec5ea0d805d37568ccf91f4903f9ca940f47b79252"} [2025-12-11 12:30:40.209] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:40.209] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:40.210] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:40.210] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:40.210] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:40.210] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:41.567] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.18.17610986931230.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765456241566, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:41.567] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:30:41.567] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:41.567] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:43.339] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25204 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.19.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.19.17610986931230.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043042Z&X-Amz-SignedHeaders=host&X-Amz-Signature=e977cccba64970165fce308846cf198a2b6a4cf9d47781d2bf44a0a4a90e5a1e"} [2025-12-11 12:30:43.339] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:43.339] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:43.339] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:43.339] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:43.339] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:43.339] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:44.540] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.19.17610986931230.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765456244539, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:44.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:30:44.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:44.540] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:46.568] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26458 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.20.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.20.17610986931230.jsonl?X-Amz-Signature=67d582c1b8e0acbe4ea6036593fd340d5627b0da9778854868e29959852cafd3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043046Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:30:46.568] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:46.568] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:46.569] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:46.569] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:46.569] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:46.569] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:47.812] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.20.17610986931230.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765456247811, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:47.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:30:47.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:47.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:49.704] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26459 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.21.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.21.17610986931230.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=4637a4590f66d420fac34e77daf72312e9c49bb83755969b9b17092db1dbe3d9&X-Amz-Date=20251211T043049Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:30:49.704] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:49.704] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:49.704] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:49.704] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:49.704] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:49.704] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:51.153] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.21.17610986931230.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765456251152, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:51.153] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:30:52.914] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26460 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.2.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.2.17610986931230.jsonl?X-Amz-Date=20251211T043052Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8039e0471dd3c503691c0271ab21dd31001abf782b204e8348c845d0318c5c07"} [2025-12-11 12:30:52.914] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:52.914] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:52.914] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:52.914] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:52.914] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:52.915] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:54.864] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.2.17610986931230.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765456254863, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:54.864] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:30:54.864] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:54.864] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:30:56.445] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25205 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.22.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.22.17610986931230.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043055Z&X-Amz-SignedHeaders=host&X-Amz-Signature=ff94d1d8f761643e23a5d0dace542ac8658a94711a8110fae41bd816ac5a69cc&X-Amz-Expires=604800"} [2025-12-11 12:30:56.445] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:30:56.445] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:30:56.446] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:30:56.446] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:30:56.446] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:30:56.447] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:30:57.795] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.22.17610986931230.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765456257794, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:30:57.795] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:30:57.795] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:30:57.795] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:00.125] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24792 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.23.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.23.17610986931230.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=d145d4cec062c8baa53950cbb4430c8a26216b5d644e6b9bd1532eddd06de3db&X-Amz-Date=20251211T043059Z"} [2025-12-11 12:31:00.125] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:00.125] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:00.125] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:00.125] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:00.125] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:00.126] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:01.666] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.23.17610986931230.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765456261665, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:01.666] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:31:01.666] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:01.666] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:03.351] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25206 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.24.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.24.17610986931230.jsonl?X-Amz-Signature=381a3d02549b52438ac47d85a1e8b5e6b55ec683913d1a7857c57b9fd45ef55c&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043102Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:31:03.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:03.351] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:03.352] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:03.352] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:03.352] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:03.353] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:04.655] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.24.17610986931230.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765456264654, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:04.655] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:31:04.655] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:04.655] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:06.778] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25207 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.25.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.25.17610986931230.jsonl?X-Amz-Expires=604800&X-Amz-Signature=7f52d3826041adf86a6ec90ad5c3a1ee321bd41e8f165f9b1ec0e58b08cd68a2&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043106Z"} [2025-12-11 12:31:06.778] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:06.778] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:06.778] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:06.778] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:06.778] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:06.779] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:08.099] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.25.17610986931230.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765456268098, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:08.099] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:31:08.099] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:08.099] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:10.036] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25208 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.26.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.26.17610986931230.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T043109Z&X-Amz-SignedHeaders=host&X-Amz-Signature=6a0a92e90c46c5176aac7aad21fc40a7372cf0c0c2ffeab78a0a0b9f259fbeaa&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:31:10.036] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:10.036] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:10.036] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:10.036] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:10.036] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:10.037] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:11.698] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.26.17610986931230.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765456271697, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:11.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:31:11.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:11.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:13.260] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26461 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.3.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.3.17610986931230.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=08eb4cf77256f809ab6620b31a83887b3b975abfaae30b90d861be8da42f06fb&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043112Z"} [2025-12-11 12:31:13.260] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:13.260] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:13.260] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:13.260] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:13.260] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:13.261] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:15.497] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.3.17610986931230.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765456275496, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:31:15.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:31:15.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:15.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:16.390] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25209 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.4.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.4.17610986931230.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b92fb0e4412746466b15f9c449460d310f981edafc06b85db4f35d0896cfd2f0&X-Amz-Date=20251211T043115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:31:16.390] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:16.390] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:16.390] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:16.390] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:16.390] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:16.391] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:17.549] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.4.17610986931230.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765456277548, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:17.549] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:31:19.916] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26462 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.5.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.5.17610986931230.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e2dfb982bc5a5c0053881dceda3d6448b11f2eb0038ee1d0435d3836b24782f6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043119Z&X-Amz-Expires=604800"} [2025-12-11 12:31:19.916] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:19.916] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:19.916] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:19.916] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:19.916] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:19.917] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:21.302] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.5.17610986931230.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765456281301, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:21.302] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:31:21.302] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:21.302] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:23.059] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25210 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.6.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.6.17610986931230.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=bd088ea38cb3b090053b683e0317de36b83c616c3858705d0beab5ed49e15551&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043122Z&X-Amz-Expires=604800"} [2025-12-11 12:31:23.059] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:23.059] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:23.059] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:23.059] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:23.059] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:23.060] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:24.006] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.6.17610986931230.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765456284005, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:24.006] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:31:24.006] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:24.006] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:26.273] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25211 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.7.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.7.17610986931230.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cc7df635821e7d88ffe1570ca8226782020e480c86ce7271f2fefcac21a1c667&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T043125Z"} [2025-12-11 12:31:26.273] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:26.273] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:26.273] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:26.273] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:26.273] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:26.274] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:27.615] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.7.17610986931230.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765456287614, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:27.615] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:31:27.615] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:27.615] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:29.461] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26463 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.8.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.8.17610986931230.jsonl?X-Amz-Signature=ca8d9de4ab1f49cebb304a97d5bd6741a1a7e7009f6b7fe2a4c553dc26709822&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T043129Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:31:29.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:29.461] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:29.462] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:29.462] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:29.462] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:29.462] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:30.839] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.8.17610986931230.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765456290839, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:31:30.840] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:31:30.840] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:30.840] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:31:32.650] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25212 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.17610986931230.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.17610986931230.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=5a229555edc7b07729704e715f1904b0b88d63f88d38fc361dcb520b3a6678e0&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T043132Z"} [2025-12-11 12:31:32.650] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:31:32.650] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:31:32.650] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:31:32.650] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:31:32.650] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:31:32.650] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:31:34.022] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.17610986931230.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765456294021, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:31:34.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:31:34.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:31:34.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:11.131] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25213 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.10.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.10.17610986931240.jsonl?X-Amz-Signature=787db6c3a053378708217a68e9aa79d89e24367712ab061571e5854d69f18d22&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044010Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:40:11.131] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:11.131] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:11.131] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:11.131] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:11.131] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:11.132] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:12.491] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.10.17610986931240.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765456812490, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:12.491] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:40:12.491] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:12.491] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:14.267] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25214 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.11.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.11.17610986931240.jsonl?X-Amz-Signature=48b3a1b24793f048236d322081e0229a9cc1159ac6283147fc91bb59d18def68&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044013Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 12:40:14.268] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:14.268] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:14.268] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:14.268] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:14.268] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:14.268] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:15.719] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.11.17610986931240.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765456815718, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:15.719] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:40:15.719] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:15.719] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:17.430] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26464 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.1.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.1.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a25d9469dea4804a2d6ef9b62c63d26d8ecf790481b6e33d97d18e6ce317905a&X-Amz-Date=20251211T044017Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:40:17.431] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:17.431] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:17.431] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:17.431] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:17.431] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:17.431] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:19.049] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.1.17610986931240.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765456819048, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:19.049] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:40:19.049] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:19.049] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:20.645] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25215 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.12.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.12.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=2b3ab6bcd5cefac42a2c203ec2ee7de67ddce2419b83694f71f80489cdaae999&X-Amz-Date=20251211T044020Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:40:20.645] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:20.645] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:20.645] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:20.645] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:20.645] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:20.645] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:22.313] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.12.17610986931240.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765456822312, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:22.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:40:22.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:22.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:23.811] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25216 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.13.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.13.17610986931240.jsonl?X-Amz-Signature=6967461d5603747ade2a0c4c905f2a18db262cb8c1661b46f357221ea8cd6d5d&X-Amz-Date=20251211T044023Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:40:23.811] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:23.811] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:23.812] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:23.812] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:23.812] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:23.812] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:25.649] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.13.17610986931240.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765456825648, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:25.649] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:40:25.649] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:25.649] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:27.188] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25217 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.14.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.14.17610986931240.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8dcf907d0fbeae1166142599953410f0f49c42a57f4c3b355221323eaa8407a2&X-Amz-Date=20251211T044026Z"} [2025-12-11 12:40:27.188] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:27.188] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:27.188] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:27.188] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:27.188] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:27.189] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:28.749] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.14.17610986931240.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765456828748, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:28.749] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:40:28.749] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:28.749] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:30.312] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25218 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.15.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.15.17610986931240.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T044029Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e680930fc078ea174bde8190b1cf75a7ccf204293ca65d5ac0969b291c35b655"} [2025-12-11 12:40:30.312] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:30.312] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:30.312] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:30.312] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:30.312] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:30.313] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:31.827] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.15.17610986931240.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765456831826, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:31.827] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:40:31.827] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:31.827] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:33.642] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24793 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.16.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.16.17610986931240.jsonl?X-Amz-Signature=f1c203b4ec36942a4e1384c27eddace2a6fc5c0cc4382594d6057611dfc70d52&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044033Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:40:33.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:33.642] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:33.642] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:33.642] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:33.642] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:33.643] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:35.527] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.16.17610986931240.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765456835526, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:35.527] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:40:35.527] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:35.527] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:37.161] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24794 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.17.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.17.17610986931240.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1b184442f752bed8aa4a791098e3f6b7b418e6850caa14bfd6758199c508dc8e&X-Amz-Date=20251211T044036Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:40:37.161] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:37.161] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:37.161] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:37.161] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:37.162] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:37.162] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:38.473] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.17.17610986931240.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765456838473, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:38.473] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:40:38.474] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:38.474] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:40.303] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24795 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.18.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.18.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=516f8111691c27cf64e197527f1fa8081282d7b3da10947a1e2ae0f91596777d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T044039Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 12:40:40.303] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:40.303] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:40.303] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:40.303] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:40.303] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:40.304] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:41.689] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.18.17610986931240.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765456841688, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:41.689] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:40:41.689] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:41.689] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:43.440] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24796 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.19.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.19.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b2e6ba0428d4428f0e94eef1820accb5b51753369687b73f84d3cd396dbb71b2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T044043Z"} [2025-12-11 12:40:43.440] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:43.440] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:43.440] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:43.440] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:43.440] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:43.441] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:44.676] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.19.17610986931240.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765456844675, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:44.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:40:44.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:44.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:46.660] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26465 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.20.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.20.17610986931240.jsonl?X-Amz-Date=20251211T044046Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4e94486bd47bace5803e80499a01dae741820544f5e089027d4bcf98f8ecb16b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 12:40:46.660] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:46.660] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:46.661] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:46.661] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:46.661] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:46.662] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:47.898] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.20.17610986931240.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765456847897, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:47.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:40:47.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:47.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:49.794] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24797 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.21.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.21.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T044049Z&X-Amz-Signature=b8ad4a4568e8b95ae929384a54852d5901bd7e45f67b7ea41d2802f80916eebb"} [2025-12-11 12:40:49.794] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:49.794] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:49.795] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:49.795] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:49.795] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:49.795] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:51.232] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.21.17610986931240.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765456851231, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:51.232] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:40:52.984] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26466 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.2.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.2.17610986931240.jsonl?X-Amz-Signature=f4c91988856c2f0457841d88709de7114344f981f74dc9364f2e8e121fff913a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T044052Z&X-Amz-Expires=604800"} [2025-12-11 12:40:52.984] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:52.984] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:52.984] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:52.984] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:52.984] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:52.985] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:54.857] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.2.17610986931240.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765456854856, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:54.857] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:40:54.857] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:54.857] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:40:56.494] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25219 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.22.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.22.17610986931240.jsonl?X-Amz-Date=20251211T044056Z&X-Amz-Expires=604800&X-Amz-Signature=e392018cb23f48641b678a173ca0572755b76e11b85c35c169b6604a8c87d00d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:40:56.494] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:40:56.494] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:40:56.494] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:40:56.494] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:40:56.494] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:40:56.495] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:40:57.804] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.22.17610986931240.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765456857803, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:40:57.804] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:40:57.804] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:40:57.804] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:00.347] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24798 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.23.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.23.17610986931240.jsonl?X-Amz-Signature=d6705449843f2cf8c1b342974c7393ad80c0973e09a67702b5ceff5d5c6a9fcc&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T044059Z"} [2025-12-11 12:41:00.347] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:00.347] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:00.347] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:00.347] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:00.347] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:00.348] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:01.912] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.23.17610986931240.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765456861911, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:01.912] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:41:01.912] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:01.912] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:03.571] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26467 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.24.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.24.17610986931240.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b15dcea5804836188f51d1d3a3a83409c3b21c4e451d72b478d5d36cc6244255&X-Amz-Expires=604800&X-Amz-Date=20251211T044103Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:41:03.572] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:03.572] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:03.572] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:03.572] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:03.572] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:03.573] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:04.881] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.24.17610986931240.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765456864880, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:04.881] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:41:04.881] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:04.881] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:07.008] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25220 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.25.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.25.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T044106Z&X-Amz-Expires=604800&X-Amz-Signature=26911c821ecb49ad0575573a1b576f04b077d5a44f83a35c55994e0cc58c4e2c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:41:07.009] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:07.009] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:07.009] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:07.009] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:07.009] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:07.010] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:08.326] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.25.17610986931240.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765456868325, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:08.326] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:41:08.326] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:08.326] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:10.245] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24799 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.26.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.26.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T044109Z&X-Amz-Expires=604800&X-Amz-Signature=e3a9d4b26f04499d9a12afacf929b27e8cb76716303b1e917487623420d5cdd2"} [2025-12-11 12:41:10.245] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:10.245] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:10.245] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:10.245] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:10.245] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:10.246] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:11.914] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.26.17610986931240.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765456871913, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:11.914] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:41:11.914] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:11.914] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:13.464] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24800 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.3.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.3.17610986931240.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3084d8f638c8c73d3928b6d885b668ff7894a467561b6121f263ba2d24b853ee&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T044113Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:41:13.465] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:13.465] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:13.465] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:13.465] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:13.465] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:13.466] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:15.698] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.3.17610986931240.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765456875697, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:15.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:41:15.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:15.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:16.613] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24801 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.4.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.4.17610986931240.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T044116Z&X-Amz-Signature=146ddb7e8c23d330770d50698e0d41817796755daecd45de2ddcb3f6f1442ab0"} [2025-12-11 12:41:16.613] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:16.613] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:16.613] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:16.613] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:16.613] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:16.614] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:17.757] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.4.17610986931240.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765456877756, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:17.757] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:41:20.152] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25221 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.5.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.5.17610986931240.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=953dddc8bfbf3f4631973c07a3235ec46f93f48c9004147557ff85c67433c946&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044119Z"} [2025-12-11 12:41:20.153] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:20.153] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:20.153] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:20.153] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:20.153] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:20.154] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:21.558] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.5.17610986931240.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765456881557, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:21.558] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:41:21.558] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:21.558] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:23.295] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26468 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.6.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.6.17610986931240.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T044122Z&X-Amz-Signature=d1d48365ea68eb424298f0fd548647bdec9d93e073882d99d72f0dd0b7e465db&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:41:23.295] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:23.295] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:23.295] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:23.295] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:23.295] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:23.296] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:24.236] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.6.17610986931240.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765456884235, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:24.236] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:41:24.236] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:24.236] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:26.525] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26469 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.7.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.7.17610986931240.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=481c2505eb07caceea946f5209916c6a8a95b5d947e1e85f559d99ed2f860a63&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T044126Z"} [2025-12-11 12:41:26.525] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:26.525] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:26.525] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:26.525] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:26.525] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:26.525] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:27.828] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.7.17610986931240.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765456887827, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:27.828] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:41:27.828] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:27.828] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:29.713] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26470 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.8.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.8.17610986931240.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044129Z&X-Amz-Signature=a95ce8e11e506501f64e5908449f00ef8f05babeedf94114a50a2b63507a5c92&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:41:29.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:29.713] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:29.713] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:29.713] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:29.713] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:29.714] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:31.082] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.8.17610986931240.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765456891081, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:31.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:41:31.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:31.082] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:32.902] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26471 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.17610986931240.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.17610986931240.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044132Z&X-Amz-Signature=0623d5f6421f09da3d8822e1cbd58b59aedcbdbe1e180010f0d7f91bd7376d69&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:41:32.902] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:32.902] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:32.903] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:32.903] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:32.903] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:32.904] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:34.281] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.17610986931240.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765456894280, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:41:34.281] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:41:34.281] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:41:34.281] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:41:36.220] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24802 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.1765428044.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.1765428044.jsonl?X-Amz-Expires=604800&X-Amz-Signature=f3e12612f80a81b18d19488fe6f7685fb9f92f7f613995705a62ee0061c0b226&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T044135Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:41:36.220] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:41:36.220] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:41:36.221] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:41:36.221] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:41:36.221] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:41:36.222] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:41:36.227] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.1765428044.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765456896227, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 12:41:36.227] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:50:11.214] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24803 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.10.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.10.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T045010Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c3a5e942c6800513534acba775ed145f656efad7e1ed78c377400d3ffb87694c&X-Amz-Expires=604800"} [2025-12-11 12:50:11.214] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:11.214] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:11.214] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:11.214] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:11.214] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:11.215] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:12.581] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.10.17610986931250.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765457412580, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:12.581] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:50:12.581] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:12.581] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:14.349] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24804 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.11.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.11.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=44d94189ebe123f9d8c733ed4e4b5b9a3cb5b42507947c5d5e1f757cec3d85ee&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T045014Z&X-Amz-Expires=604800"} [2025-12-11 12:50:14.349] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:14.349] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:14.350] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:14.350] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:14.350] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:14.350] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:15.900] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.11.17610986931250.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765457415899, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:15.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:50:15.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:15.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:17.511] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25222 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.1.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.1.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T045017Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=4f36d549ba643de6594f1456feec062e9c078a103bdb0fd91b145606dbf3b2e0"} [2025-12-11 12:50:17.511] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:17.511] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:17.512] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:17.512] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:17.512] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:17.512] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:19.187] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.1.17610986931250.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765457419186, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:19.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:50:19.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:19.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:20.715] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26472 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.12.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.12.17610986931250.jsonl?X-Amz-Signature=0b34d881b6f6fbba5aad8903c7249ed4b7ac50e4cb392db4a846856284a5ad3d&X-Amz-Date=20251211T045020Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 12:50:20.715] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:20.715] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:20.716] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:20.716] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:20.716] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:20.716] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:22.435] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.12.17610986931250.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765457422433, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:22.435] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:50:22.435] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:22.435] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:23.902] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25223 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.13.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.13.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4ee864f1225bc9e4da6f9ae7efbf9cf09750c38ea625a01c015a1935b878c9bf&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T045023Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 12:50:23.902] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:23.902] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:23.902] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:23.902] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:23.902] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:23.903] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:25.758] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.13.17610986931250.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765457425757, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:25.758] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:50:25.758] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:25.758] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:27.275] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25224 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.14.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.14.17610986931250.jsonl?X-Amz-Date=20251211T045026Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f6ade660662cc5c899394fdb14e1e8b4c0bf32c6b8f44e7b0b77efec1eb8724c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:50:27.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:27.276] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:27.276] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:27.276] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:27.276] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:27.276] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:28.910] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.14.17610986931250.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765457428909, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:28.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:50:28.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:28.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:30.401] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24805 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.15.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.15.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0bb8ca1e35f6f04eeb6a17bc253a48df00d94f42e33fe11c751251e3cef422fc&X-Amz-Date=20251211T045029Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:50:30.401] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:30.401] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:30.401] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:30.401] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:30.401] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:30.402] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:31.930] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.15.17610986931250.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765457431929, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:31.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:50:31.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:31.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:33.741] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26473 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.16.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.16.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T045033Z&X-Amz-Expires=604800&X-Amz-Signature=3433f90ec31bb0ae7cc369a94da20cd9e0a7e9936ebf1d3f1ade28c0993c5322&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:50:33.741] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:33.741] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:33.741] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:33.741] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:33.741] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:33.742] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:35.640] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.16.17610986931250.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765457435639, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:35.640] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:50:35.640] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:35.640] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:37.236] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26474 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.17.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.17.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T045036Z&X-Amz-Signature=8ea06dfbe1e8f1ad7e92360c7f71b01cbca19b555050d46efcb3900d69d8a206"} [2025-12-11 12:50:37.236] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:37.236] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:37.236] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:37.236] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:37.236] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:37.236] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:38.553] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.17.17610986931250.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765457438552, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:38.553] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 12:50:38.553] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:38.553] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:40.378] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24806 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.18.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.18.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T045039Z&X-Amz-Expires=604800&X-Amz-Signature=57af24f844a719d7a4189771dda457948e7e0b42b82b211ec297344674e8e5e9&X-Amz-SignedHeaders=host"} [2025-12-11 12:50:40.378] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:40.378] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:40.378] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:40.378] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:40.378] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:40.380] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:41.782] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.18.17610986931250.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765457441781, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:41.782] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:50:41.782] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:41.782] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:43.523] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24807 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.19.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.19.17610986931250.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T045043Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ec455d8fa81f4af81b99fae67808699b6824f76bcecae7f1b5992cf5efad10b4"} [2025-12-11 12:50:43.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:43.523] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:43.523] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:43.523] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:43.523] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:43.524] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:44.762] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.19.17610986931250.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765457444761, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:44.762] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:50:44.762] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:44.762] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:46.706] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25225 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.20.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.20.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T045046Z&X-Amz-Signature=6dab736c24c78e74d8c804c29e456e82f74f26dabeb63ca54c5887f71b81accd&X-Amz-SignedHeaders=host"} [2025-12-11 12:50:46.706] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:46.707] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:46.707] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:46.707] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:46.707] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:46.707] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:47.941] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.20.17610986931250.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765457447941, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:50:47.942] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:50:47.942] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:47.942] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:49.841] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26475 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.21.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.21.17610986931250.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=54b5a229b66ef3c8e86dbd2cb144682dcc3eee0324b60f93568bcc4091f52f72&X-Amz-Date=20251211T045049Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 12:50:49.841] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:49.841] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:49.841] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:49.841] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:49.841] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:49.842] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:51.318] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.21.17610986931250.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765457451318, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:51.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:50:53.068] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25226 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.2.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.2.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T045052Z&X-Amz-Signature=712368cd1680cfea399357663db2966167d1a1eaf4338a1ad884672e7ef567f3&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:50:53.068] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:53.068] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:53.069] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:53.069] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:53.069] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:53.069] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:55.044] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.2.17610986931250.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765457455043, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:55.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:50:55.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:55.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:50:56.579] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24808 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.22.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.22.17610986931250.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T045056Z&X-Amz-Signature=3915ebb9aa45422ef4af03cd7b42673463a1e043782a51060b632173c2773815&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:50:56.579] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:50:56.579] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:50:56.580] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:50:56.580] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:50:56.580] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:50:56.580] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:50:57.882] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.22.17610986931250.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765457457881, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:50:57.882] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:50:57.882] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:50:57.882] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:00.430] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26476 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.23.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.23.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=5a2c3f2b71d3d8950a6f17c4b7c8dc87474f44f7e98d1a91e064e99104347bde&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T045059Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:51:00.430] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:00.430] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:00.431] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:00.431] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:00.431] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:00.431] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:01.996] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.23.17610986931250.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765457461995, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:01.996] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:51:01.996] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:01.996] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:03.657] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24809 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.24.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.24.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d8b71d237d699f83398838b83ad79d885e9ed8095cc7a322c1f9ef16c2059cbe&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T045103Z"} [2025-12-11 12:51:03.657] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:03.657] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:03.657] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:03.657] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:03.657] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:03.658] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:04.967] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.24.17610986931250.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765457464966, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:04.967] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:51:04.967] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:04.967] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:07.075] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26477 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.25.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.25.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T045106Z&X-Amz-SignedHeaders=host&X-Amz-Signature=20acd0db3a76a9ef5481f3e2527a9cfa98529f733f7ed86aec711a982e8d79c8&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 12:51:07.075] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:07.075] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:07.075] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:07.075] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:07.075] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:07.076] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:08.408] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.25.17610986931250.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765457468407, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:08.408] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:51:08.408] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:08.408] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:10.336] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25227 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.26.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.26.17610986931250.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=89212cef952d7aaf965261d84b5c148e9fa7c0e2f47721658f3b327814c62d78&X-Amz-Date=20251211T045109Z"} [2025-12-11 12:51:10.337] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:10.337] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:10.337] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:10.337] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:10.337] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:10.337] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:12.016] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.26.17610986931250.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765457472015, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:12.016] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 12:51:12.016] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:12.016] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:13.562] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24810 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.3.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.3.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T045113Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0ac63c39131dcc1f16d77c489702c2fb21b13d6c98c1f1fb13f630359d179a3d"} [2025-12-11 12:51:13.562] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:13.562] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:13.562] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:13.562] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:13.562] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:13.563] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:15.849] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.3.17610986931250.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765457475848, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:15.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:51:15.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:15.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:16.699] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25228 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.4.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.4.17610986931250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T045116Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0fc364b88d96007b00e2a965cbaa3fe784fe6ddadaa2f71917920f2d621e133d"} [2025-12-11 12:51:16.699] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:16.699] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:16.699] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:16.699] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:16.699] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:16.700] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:17.866] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.4.17610986931250.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765457477865, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:17.866] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 12:51:20.227] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26478 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.5.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.5.17610986931250.jsonl?X-Amz-Signature=ddd625fa032e207a39ce57d94a168d0ac49da6f0d1ee0b94ffd981bc379a0194&X-Amz-Expires=604800&X-Amz-Date=20251211T045119Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 12:51:20.227] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:20.227] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:20.227] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:20.227] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:20.227] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:20.228] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:21.618] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.5.17610986931250.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765457481617, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 12:51:21.618] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 12:51:21.618] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:21.618] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:23.375] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26479 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.6.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.6.17610986931250.jsonl?X-Amz-Signature=8e99a80405227df2a15e1b411959c18281759bea13ab6d78661622c0d210b35e&X-Amz-Date=20251211T045123Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 12:51:23.375] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:23.375] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:23.375] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:23.375] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:23.375] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:23.376] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:24.337] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.6.17610986931250.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765457484336, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:24.337] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:51:24.337] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:24.337] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:26.603] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24811 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.7.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.7.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a147f45f32fc4bb5b083823d928101d844a817333bc70b7bf9b413bbc2d926d3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T045126Z&X-Amz-SignedHeaders=host"} [2025-12-11 12:51:26.603] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:26.603] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:26.603] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:26.603] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:26.603] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:26.604] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:27.940] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.7.17610986931250.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765457487939, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:27.940] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 12:51:27.940] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:27.940] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:29.792] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25229 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.8.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.8.17610986931250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T045129Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=07d365faedc2d89b6bd69730fbbdf96b14726e1d511f35f67abc4d722ee323be"} [2025-12-11 12:51:29.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:29.792] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:29.792] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:29.792] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:29.792] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:29.793] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:31.190] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.8.17610986931250.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765457491189, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 12:51:31.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 12:51:31.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:31.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:51:32.989] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26480 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.17610986931250.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.17610986931250.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3db4e69adf1b8a234a6956730d840996e99f28763fbef8ec4a90a3fbb3dd5a6b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T045132Z"} [2025-12-11 12:51:32.989] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:51:32.989] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:51:32.990] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:51:32.990] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:51:32.990] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:51:32.991] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:51:34.393] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.17610986931250.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765457494392, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 12:51:34.393] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 12:51:34.393] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 12:51:34.393] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 12:55:53.519] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25230 key: NULL payload: {"bucket":"2025-12-11","object":"12/output/cnn/alert.pcap.9.1765428945.jsonl","url":"http://111.32.12.11:9000/2025-12-11/12/output/cnn/alert.pcap.9.1765428945.jsonl?X-Amz-Signature=4ddfda6a7ce6fb8ddc8dd974c7190b8f3f8daa5f4062bf8d2aee10adab7522a9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T045553Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 12:55:53.519] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 12:55:53.519] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 12:55:53.519] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 12:55:53.519] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 12:55:53.519] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 12:55:53.520] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 12:55:53.524] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:12/output/cnn/alert.pcap.9.1765428945.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765457753524, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 12:55:53.525] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:00:10.045] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26481 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.10.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.10.17610986931300.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T050009Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6545da2cc3f22c3203a1a4b42eb92577a6abcfa4e5a4bae6f036dc1714c8f51c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:00:10.045] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:10.045] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:10.046] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:10.046] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:10.046] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:10.046] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:11.361] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.10.17610986931300.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765458011360, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:11.361] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:00:11.361] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:11.361] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:13.178] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26482 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.11.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.11.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=08ac02e3dbc1f75047c25b0f81ecc1cef173e213a0cd3dce6d6264557dd801bb&X-Amz-Date=20251211T050012Z&X-Amz-Expires=604800"} [2025-12-11 13:00:13.178] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:13.178] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:13.178] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:13.178] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:13.178] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:13.178] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:14.630] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.11.17610986931300.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765458014629, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:14.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:00:14.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:14.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:16.342] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24812 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.1.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.1.17610986931300.jsonl?X-Amz-Date=20251211T050015Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f9d2218aafb02b8f2021a68e81d675e1ca117206f73621c42eb570da3040fb20&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:00:16.343] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:16.343] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:16.343] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:16.343] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:16.343] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:16.343] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:18.004] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.1.17610986931300.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765458018003, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:18.004] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:00:18.004] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:18.004] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:19.534] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26483 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.12.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.12.17610986931300.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T050019Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b87549b15cffba4a2b3de7df7c1764e24d3b9695c72201e4c8e70d619fe370fe&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:00:19.534] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:19.534] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:19.534] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:19.534] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:19.534] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:19.535] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:21.193] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.12.17610986931300.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765458021192, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:21.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:00:21.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:21.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:22.700] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25231 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.13.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.13.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=dae3668ade3b7990868248c6b8b7a3d4263d694534de56f3d7e8a1ffac84746d&X-Amz-Expires=604800&X-Amz-Date=20251211T050022Z"} [2025-12-11 13:00:22.700] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:22.700] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:22.700] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:22.700] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:22.700] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:22.700] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:24.547] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.13.17610986931300.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765458024546, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:00:24.547] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:00:24.547] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:24.547] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:26.079] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24813 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.14.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.14.17610986931300.jsonl?X-Amz-Signature=de5cef62b64238061ce556961b084a684c99855b9d5b9d07d767727115476d89&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T050025Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 13:00:26.079] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:26.079] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:26.080] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:26.080] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:26.080] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:26.081] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:27.693] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.14.17610986931300.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765458027692, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:27.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:00:27.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:27.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:29.205] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26484 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.15.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.15.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T050028Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ec5e6b3d52d94d7e29bff81852ca02727a0a70b05720676ef56030c2afd33008"} [2025-12-11 13:00:29.205] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:29.205] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:29.205] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:29.206] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:29.206] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:29.206] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:30.737] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.15.17610986931300.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765458030736, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:30.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:00:30.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:30.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:32.541] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24814 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.16.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.16.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T050032Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1990b71c5a87c5ad8aa6ed26b53bebbd7eeb43daac96d8b856270152ab0a9a7e"} [2025-12-11 13:00:32.542] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:32.542] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:32.542] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:32.542] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:32.542] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:32.542] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:34.459] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.16.17610986931300.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765458034458, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:00:34.459] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:00:34.459] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:34.459] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:35.994] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25232 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.17.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.17.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ff180a32fa6674f60ef6fc8b1a63ec443a0c950129d94effa80af2d47ff1fce6&X-Amz-Date=20251211T050035Z"} [2025-12-11 13:00:35.994] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:35.994] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:35.994] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:35.994] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:35.994] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:35.995] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:37.812] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.17.17610986931300.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765458037810, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:37.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:00:37.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:37.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:39.128] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24815 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.18.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.18.17610986931300.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T050038Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c52bc26028b1534612b047caa471eb39102bc5d2f0ae5c8df6f301f4dc2af1bb"} [2025-12-11 13:00:39.129] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:39.129] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:39.129] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:39.129] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:39.129] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:39.129] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:40.517] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.18.17610986931300.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765458040516, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:40.517] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:00:40.517] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:40.517] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:42.267] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25233 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.19.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.19.17610986931300.jsonl?X-Amz-Signature=0dc06c073fb62af7cd82ccf5f19a9a32200312dc1e8770f1aa6391107406f74e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T050041Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:00:42.267] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:42.267] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:42.267] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:42.267] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:42.267] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:42.268] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:43.523] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.19.17610986931300.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765458043522, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:43.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:00:43.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:43.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:45.443] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26485 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.20.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.20.17610986931300.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T050045Z&X-Amz-SignedHeaders=host&X-Amz-Signature=fbb23cde882274286b18b7fcd0562322138c8ed03582cb72c5ddcc683aafe2ea"} [2025-12-11 13:00:45.443] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:45.443] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:45.443] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:45.443] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:45.443] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:45.444] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:46.630] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.20.17610986931300.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765458046629, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:46.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:00:46.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:46.630] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:48.615] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24816 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.21.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.21.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a70fdbf60d6c519b7dc49c3683135546ab6df08d0fdfcd262e2b87297f0882dc&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T050048Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:00:48.615] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:48.616] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:48.616] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:48.616] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:48.616] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:48.620] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:50.140] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.21.17610986931300.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765458050121, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:50.140] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:00:51.824] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26486 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.2.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.2.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T050051Z&X-Amz-Signature=861e3ef3c30865b2e06a313921d1a855e22befcd17992cf6ec33df6574c5e7b1&X-Amz-SignedHeaders=host"} [2025-12-11 13:00:51.824] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:51.825] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:51.825] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:51.825] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:51.825] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:51.825] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:53.784] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.2.17610986931300.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765458053783, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:53.784] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:00:53.784] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:53.784] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:55.375] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26487 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.22.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.22.17610986931300.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=19f983f61b8087cabef63487fa187607a10ffbd4b42946eccb85195e638a2489&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T050054Z"} [2025-12-11 13:00:55.376] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:55.376] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:55.376] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:55.376] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:55.376] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:55.376] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:00:56.640] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.22.17610986931300.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765458056639, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:00:56.640] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:00:56.640] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:00:56.640] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:00:59.249] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25234 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.23.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.23.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T050058Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=7b1ecd7b93d1e2629dd8fa0652771842ebc1b3b6dca2aa48bf7743f37e90957b&X-Amz-SignedHeaders=host"} [2025-12-11 13:00:59.249] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:00:59.249] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:00:59.249] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:00:59.249] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:00:59.249] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:00:59.250] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:00.771] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.23.17610986931300.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765458060770, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:00.771] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:01:00.771] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:00.771] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:02.513] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25235 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.24.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.24.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bda7da8a5893628b7c48e340a30d9affd1d4ed96af035217ac8f78e0fb3d87ad&X-Amz-Date=20251211T050102Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:01:02.514] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:02.514] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:02.514] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:02.514] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:02.514] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:02.514] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:03.825] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.24.17610986931300.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765458063824, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:03.825] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:01:03.825] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:03.825] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:05.858] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24817 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.25.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.25.17610986931300.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bf1b2eab4ee66d86292933e29160ea7994abec52e235381b9afc94d175eb65a6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T050105Z"} [2025-12-11 13:01:05.858] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:05.858] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:05.858] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:05.858] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:05.858] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:05.859] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:07.175] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.25.17610986931300.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765458067174, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:07.175] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:01:07.175] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:07.175] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:09.115] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24818 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.26.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.26.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T050108Z&X-Amz-Signature=9288cf8e0540080e58b66cdaaced028b4cb5e84a88410bf2461383b71594233b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 13:01:09.115] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:09.115] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:09.116] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:09.116] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:09.116] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:09.116] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:10.779] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.26.17610986931300.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765458070778, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:01:10.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:01:10.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:10.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:12.334] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24819 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.3.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.3.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T050111Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=89cfc9adab41caf4e8ad25f97b0032bec25170265c21c48477e93ced2c863fc0"} [2025-12-11 13:01:12.335] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:12.335] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:12.335] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:12.335] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:12.335] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:12.335] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:14.579] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.3.17610986931300.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765458074578, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:14.579] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:01:14.579] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:14.579] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:15.468] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25236 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.4.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.4.17610986931300.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T050115Z&X-Amz-SignedHeaders=host&X-Amz-Signature=da6936fc41401176eedc69006919558f6198078e0314f105ce1d73d4c305f7d6"} [2025-12-11 13:01:15.468] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:15.468] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:15.468] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:15.468] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:15.468] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:15.469] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:16.633] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.4.17610986931300.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765458076632, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:16.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:01:18.994] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25237 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.5.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.5.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T050118Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=5f4e1746ae6195ee7eaf1690d66b21f40fd7692c8a20cfbf74cfdc10dfd08091"} [2025-12-11 13:01:18.994] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:18.994] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:18.995] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:18.995] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:18.995] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:18.995] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:20.389] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.5.17610986931300.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765458080388, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:01:20.389] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:01:20.389] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:20.389] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:22.136] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24820 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.6.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.6.17610986931300.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ff356bc5a24b66047e88b17f14346da166afac7e5ef38a7b5d2799b412b84262&X-Amz-Date=20251211T050121Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:01:22.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:22.136] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:22.136] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:22.136] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:22.136] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:22.137] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:23.092] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.6.17610986931300.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765458083091, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:23.092] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:01:23.092] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:23.092] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:25.334] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25238 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.7.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.7.17610986931300.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=b5821ef92a713a0154fc27cd835b7a36fe209f30dcbc78460013956ed458197f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T050124Z"} [2025-12-11 13:01:25.334] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:25.334] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:25.334] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:25.334] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:25.334] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:25.335] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:26.707] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.7.17610986931300.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765458086706, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:26.707] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:01:26.707] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:26.707] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:28.523] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24821 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.8.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.8.17610986931300.jsonl?X-Amz-Signature=0b0e4b3fd29a392f75839dd12b416b28eddb05dd121eabef0ee092a705500c12&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T050128Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:01:28.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:28.523] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:28.523] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:28.523] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:28.523] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:28.524] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:29.900] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.8.17610986931300.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765458089899, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:29.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:01:29.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:29.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:01:31.711] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25239 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.17610986931300.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.17610986931300.jsonl?X-Amz-Signature=4fb3af6cd1d4a8610d15afa5c31e14af6e8e1bb27650e5af9dab369e681e79f5&X-Amz-Expires=604800&X-Amz-Date=20251211T050131Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:01:31.711] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:01:31.711] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:01:31.711] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:01:31.711] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:01:31.712] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:01:31.713] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:01:33.087] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.17610986931300.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765458093086, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:01:33.087] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:01:33.087] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:01:33.087] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:10.154] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25240 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.10.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.10.17610986931310.jsonl?X-Amz-Signature=3fa48134d93a50af817a22710928897885550528d740354d65c5ec559f224686&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T051009Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 13:10:10.155] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:10.155] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:10.155] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:10.155] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:10.155] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:10.156] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:11.514] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.10.17610986931310.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765458611514, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:11.514] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:10:11.514] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:11.514] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:13.319] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25241 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.11.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.11.17610986931310.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9235affed4ca35b245a9ad2a0c79f9819e17b1819a164213488ca37d7717edcb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T051012Z"} [2025-12-11 13:10:13.319] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:13.320] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:13.320] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:13.320] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:13.320] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:13.320] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:14.792] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.11.17610986931310.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765458614791, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:14.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:10:14.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:14.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:16.526] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26488 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.1.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.1.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T051016Z&X-Amz-Signature=5b9d77423d927b2a2287cc9e5c322dd44617d0769a9186f3c4160b7a96adef92&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 13:10:16.526] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:16.526] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:16.527] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:16.527] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:16.527] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:16.527] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:18.151] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.1.17610986931310.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765458618150, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:18.151] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:10:18.151] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:18.151] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:19.718] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26489 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.12.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.12.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T051019Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=927ae8829510201fc3b73f8927c355dad7b2d574550b1c6dbf70e56204e083b2"} [2025-12-11 13:10:19.718] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:19.718] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:19.718] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:19.718] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:19.718] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:19.719] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:21.351] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.12.17610986931310.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765458621350, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:21.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:10:21.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:21.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:22.875] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26490 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.13.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.13.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0d8afbbe010ef4d5e3ee30839d9055f1e1fd1964ec9ad82f4566ac7aad81a86c&X-Amz-Date=20251211T051022Z"} [2025-12-11 13:10:22.875] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:22.875] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:22.875] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:22.875] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:22.875] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:22.876] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:24.691] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.13.17610986931310.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765458624690, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:24.692] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:10:24.692] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:24.692] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:26.267] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25242 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.14.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.14.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T051025Z&X-Amz-SignedHeaders=host&X-Amz-Signature=19bf573349a9fb943cc915fa8d8ef52fae0ab46d132bac56d5b3c1f8c33fb4e8&X-Amz-Expires=604800"} [2025-12-11 13:10:26.267] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:26.267] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:26.267] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:26.267] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:26.268] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:26.268] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:27.879] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.14.17610986931310.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765458627878, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:10:27.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:10:27.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:27.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:29.386] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24822 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.15.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.15.17610986931310.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8656910e8c93e5e28ddedce01109cd8f4c3e109d83afb50796b267732ecbec9d&X-Amz-Date=20251211T051028Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:10:29.386] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:29.386] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:29.386] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:29.386] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:29.386] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:29.387] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:30.932] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.15.17610986931310.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765458630931, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:30.932] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:10:30.932] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:30.932] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:32.714] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26491 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.16.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.16.17610986931310.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T051032Z&X-Amz-Expires=604800&X-Amz-Signature=3c1a9024634b8982d08749d1cdafe06df3775328e18a4514977f9ab65c63aaf5&X-Amz-SignedHeaders=host"} [2025-12-11 13:10:32.715] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:32.715] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:32.715] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:32.715] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:32.715] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:32.715] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:34.603] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.16.17610986931310.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765458634602, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:34.603] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:10:34.603] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:34.603] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:36.187] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25243 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.17.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.17.17610986931310.jsonl?X-Amz-Date=20251211T051035Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a45601e98b970d30c34d8632381003acb6beb1e8a8b26b1bb1037f34de961319&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 13:10:36.188] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:36.188] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:36.188] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:36.188] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:36.188] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:36.188] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:37.505] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.17.17610986931310.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765458637504, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:37.505] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:10:37.505] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:37.505] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:39.324] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25244 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.18.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.18.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=26a38685bb1052798464886bd66a518c68c8ccdf6ef78d3c7dc6fa2c36e66039&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T051038Z&X-Amz-SignedHeaders=host"} [2025-12-11 13:10:39.324] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:39.324] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:39.324] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:39.324] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:39.324] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:39.325] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:40.713] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.18.17610986931310.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765458640712, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:40.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:10:40.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:40.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:42.461] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25245 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.19.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.19.17610986931310.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=016724518f88105839ee333c3fb2f247c64fe90362158b39f31527c18bb995b6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T051042Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:10:42.461] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:42.461] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:42.461] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:42.461] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:42.461] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:42.462] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:43.696] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.19.17610986931310.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765458643695, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:43.696] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:10:43.696] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:43.696] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:45.638] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25246 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.20.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.20.17610986931310.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b1efd3570f3d4dcef0a6c01d1dee2dca468ab127c9c532b42d800e666e272a3a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T051045Z"} [2025-12-11 13:10:45.638] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:45.638] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:45.638] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:45.638] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:45.638] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:45.639] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:47.051] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.20.17610986931310.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765458647050, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:47.051] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:10:47.051] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:47.051] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:48.773] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26492 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.21.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.21.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c651af2d09889dd15b81a5be28c34777b9c13839d4a2320f9312f3190a9e79f7&X-Amz-Date=20251211T051048Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:10:48.773] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:48.773] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:48.773] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:48.773] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:48.773] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:48.774] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:50.275] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.21.17610986931310.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765458650274, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:50.275] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:10:51.962] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25247 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.2.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.2.17610986931310.jsonl?X-Amz-Signature=d05794163229e79c5e212e7c3073bdcc87d8181d477fd0c5435dfcbb737a114b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T051051Z&X-Amz-Expires=604800"} [2025-12-11 13:10:51.962] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:51.962] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:51.962] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:51.962] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:51.962] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:51.963] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:53.763] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.2.17610986931310.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765458653762, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:53.763] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:10:53.763] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:53.763] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:55.451] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24823 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.22.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.22.17610986931310.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T051055Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=942831a144db2564bb65a2dbf962c30719eeced90532f5f63fd1151f26d25153"} [2025-12-11 13:10:55.451] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:55.451] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:55.451] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:55.451] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:55.451] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:55.452] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:10:56.786] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.22.17610986931310.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765458656785, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:10:56.786] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:10:56.786] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:10:56.786] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:10:59.319] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25248 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.23.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.23.17610986931310.jsonl?X-Amz-Date=20251211T051058Z&X-Amz-SignedHeaders=host&X-Amz-Signature=67070981ef3f1f3992e540c21eabd88b82463a1a4fc1ff63b3ba79b22b223cc2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:10:59.319] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:10:59.319] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:10:59.320] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:10:59.320] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:10:59.320] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:10:59.321] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:00.933] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.23.17610986931310.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765458660931, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:11:00.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:11:00.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:00.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:02.553] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24824 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.24.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.24.17610986931310.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T051102Z&X-Amz-Signature=41a1d2166657db98657ae97b872f534c8ce74ad7cad04bdc0f983b1342323eda&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:11:02.553] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:02.553] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:02.553] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:02.553] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:02.553] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:02.554] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:03.896] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.24.17610986931310.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765458663895, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:03.896] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:11:03.896] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:03.896] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:06.008] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24825 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.25.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.25.17610986931310.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T051105Z&X-Amz-Expires=604800&X-Amz-Signature=47de3912f40837a30a22ea5a13f45298d58283da998076b1404b68f305713ae7&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:11:06.008] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:06.008] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:06.008] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:06.008] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:06.008] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:06.009] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:07.351] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.25.17610986931310.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765458667350, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:07.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:11:07.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:07.351] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:09.214] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24826 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.26.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.26.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T051108Z&X-Amz-Signature=9bb5fdb6010109d8f7baee5d471d48382ae7700c491352e963777ca354bb0722&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:11:09.215] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:09.215] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:09.215] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:09.215] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:09.215] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:09.215] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:10.909] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.26.17610986931310.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765458670908, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:11:10.909] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:11:10.909] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:10.909] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:12.434] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25249 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.3.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.3.17610986931310.jsonl?X-Amz-Date=20251211T051112Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9ee6ec4e16603914bd684eceee78b620ea029b79107948f214b2c0914c099c0e&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:11:12.435] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:12.435] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:12.435] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:12.435] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:12.435] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:12.435] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:14.676] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.3.17610986931310.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765458674675, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:14.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:11:14.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:14.676] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:15.563] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25250 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.4.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.4.17610986931310.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3a4a5c61085a0e897432f3525902da6f0b9859e19eec7dc44ac9f163780f9c3a&X-Amz-Expires=604800&X-Amz-Date=20251211T051115Z"} [2025-12-11 13:11:15.563] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:15.563] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:15.564] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:15.564] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:15.564] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:15.564] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:16.736] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.4.17610986931310.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765458676735, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:16.736] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:11:19.108] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24827 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.5.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.5.17610986931310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T051118Z&X-Amz-Signature=4316c2522e45f0b9d8cc28dab37d78f1b71c4dcd7ce75b34e7f89a5ef9df9ad5&X-Amz-Expires=604800"} [2025-12-11 13:11:19.108] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:19.108] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:19.108] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:19.108] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:19.108] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:19.109] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:20.489] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.5.17610986931310.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765458680488, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:20.489] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:11:20.489] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:20.489] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:22.249] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26493 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.6.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.6.17610986931310.jsonl?X-Amz-Signature=b40937cd2c789cf098c693787790c1092c900b3e6c31009bd5a238e01933a653&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T051121Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:11:22.249] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:22.249] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:22.249] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:22.249] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:22.249] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:22.250] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:23.257] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.6.17610986931310.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765458683256, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:23.257] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:11:23.257] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:23.257] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:25.516] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24828 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.7.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.7.17610986931310.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T051125Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e7d6aa67597bceccfb3eebaa51149d0725ca921a42542a0acec786ed43a7b2a0"} [2025-12-11 13:11:25.516] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:25.516] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:25.517] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:25.517] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:25.517] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:25.518] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:26.852] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.7.17610986931310.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765458686851, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:11:26.852] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:11:26.852] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:26.852] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:28.706] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25251 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.8.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.8.17610986931310.jsonl?X-Amz-Expires=604800&X-Amz-Signature=14269d7d0e55055b3974f05b4b6dc87df5a9be9b1b618afa9b0e146659d4585f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T051128Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:11:28.706] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:28.706] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:28.707] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:28.707] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:28.707] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:28.707] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:30.123] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.8.17610986931310.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765458690122, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:30.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:11:30.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:30.123] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:31.874] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25252 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.17610986931310.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.17610986931310.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=07dc154250d76ad150bbba6cf483ce57cddfda3790fb7730c07dec7b57250165&X-Amz-Date=20251211T051131Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 13:11:31.874] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:31.874] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:31.875] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:31.875] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:31.875] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:31.875] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:33.259] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.17610986931310.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765458693258, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:11:33.259] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:11:33.259] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:11:33.259] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:11:35.212] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24829 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.1765429846.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.1765429846.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=46c551c1cdaf58e8738e72c240ff58d2ccdf86c7ec23443acc1097e166c96b2c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T051134Z"} [2025-12-11 13:11:35.212] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:11:35.212] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:11:35.212] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:11:35.212] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:11:35.212] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:11:35.213] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:11:35.217] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.1765429846.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765458695217, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 13:11:35.217] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:20:10.161] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24830 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.10.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.10.17610986931320.jsonl?X-Amz-Signature=06e9f41b7854edf688b45b40d71f310ee58893893c6862948e231e8ff1531da6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T052009Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:20:10.161] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:10.161] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:10.161] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:10.161] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:10.161] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:10.161] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:11.442] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.10.17610986931320.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765459211441, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:11.442] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:20:11.442] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:11.442] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:13.311] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26494 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.11.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.11.17610986931320.jsonl?X-Amz-Signature=58570fd38afec107b14e68eea51f6d07e8c4997ad8468fecb34226bbcc613307&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T052012Z"} [2025-12-11 13:20:13.311] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:13.311] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:13.311] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:13.311] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:13.311] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:13.312] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:14.803] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.11.17610986931320.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765459214802, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:14.803] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:20:14.803] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:14.803] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:16.470] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25253 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.1.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.1.17610986931320.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=115b8d30d028b81579318cc6eb65af71006541354c8b4225e7dad2ec310b7e11&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T052016Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:20:16.470] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:16.470] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:16.470] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:16.470] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:16.470] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:16.471] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:18.136] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.1.17610986931320.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765459218135, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:20:18.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:20:18.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:18.136] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:19.675] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24831 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.12.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.12.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b91a9610ebf51bc2dfbf9ef9750eebc8e2af75a67020209d1f5c4da26cab2c87&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T052019Z"} [2025-12-11 13:20:19.675] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:19.675] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:19.675] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:19.676] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:19.676] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:19.676] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:21.355] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.12.17610986931320.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765459221354, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:21.356] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:20:21.356] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:21.356] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:22.840] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24832 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.13.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.13.17610986931320.jsonl?X-Amz-Date=20251211T052022Z&X-Amz-SignedHeaders=host&X-Amz-Signature=62404f88b51a480e3c4442fb686419de337b9c6f03bc16a959688191d3f2eb40&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:20:22.840] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:22.840] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:22.840] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:22.840] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:22.840] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:22.841] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:24.574] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.13.17610986931320.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765459224573, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:24.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:20:24.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:24.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:26.219] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26495 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.14.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.14.17610986931320.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=010f17af29ce97e53bf11e0c2947e31d4ed359222f597ab3fc2946168f13f7c1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T052025Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 13:20:26.219] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:26.219] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:26.219] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:26.219] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:26.219] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:26.220] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:27.694] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.14.17610986931320.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765459227693, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:27.694] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:20:27.694] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:27.694] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:29.344] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25254 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.15.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.15.17610986931320.jsonl?X-Amz-Signature=ac68b6146aa9e7d93c805fb1a484a0ba971d7f740909baa32085a63f6cb996bd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T052028Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:20:29.344] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:29.344] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:29.345] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:29.345] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:29.345] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:29.345] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:30.898] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.15.17610986931320.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765459230897, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:30.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:20:30.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:30.898] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:32.674] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26496 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.16.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.16.17610986931320.jsonl?X-Amz-Date=20251211T052032Z&X-Amz-Signature=b18bcc53c67c6ee1009ada1a43783bebe359804d395b5a59ddd06f80cc15d7d6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 13:20:32.674] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:32.674] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:32.674] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:32.674] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:32.674] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:32.675] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:34.601] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.16.17610986931320.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765459234600, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:34.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:20:34.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:34.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:36.139] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24833 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.17.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.17.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=712e12a2422335cd65b696fb47eef5541284ff9dcc4cbacad2aa5d7d47d5b70d&X-Amz-Date=20251211T052035Z"} [2025-12-11 13:20:36.139] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:36.139] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:36.139] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:36.139] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:36.139] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:36.140] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:37.453] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.17.17610986931320.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765459237452, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:37.453] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:20:37.453] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:37.453] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:39.328] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26497 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.18.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.18.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T052038Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=8b315046818ccec544069b5cd5caa0ba41b7d85eab4989245bee40586785be37&X-Amz-Expires=604800"} [2025-12-11 13:20:39.328] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:39.328] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:39.328] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:39.328] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:39.328] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:39.329] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:40.716] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.18.17610986931320.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765459240715, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:40.716] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:20:40.716] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:40.716] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:42.470] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25255 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.19.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.19.17610986931320.jsonl?X-Amz-Date=20251211T052042Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4bd8502922f446d79ad87e3de8785d7f46e892086c828d879309d5567296f09f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:20:42.470] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:42.470] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:42.471] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:42.471] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:42.471] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:42.471] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:43.738] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.19.17610986931320.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765459243697, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:43.738] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:20:43.738] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:43.738] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:45.663] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24834 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.20.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.20.17610986931320.jsonl?X-Amz-Signature=5be69a0456d01383316080e9f8e1b9c01ef7eed26b4c71c6e0a267c96931cb6e&X-Amz-Date=20251211T052045Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 13:20:45.663] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:45.663] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:45.663] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:45.663] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:45.663] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:45.663] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:46.930] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.20.17610986931320.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765459246930, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:46.931] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:20:46.931] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:46.931] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:48.798] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24835 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.21.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.21.17610986931320.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=61789821b64e8098eadde633b9b2f0d608f41c003ab608ab442e048523906aec&X-Amz-Expires=604800&X-Amz-Date=20251211T052048Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:20:48.798] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:48.798] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:48.798] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:48.798] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:48.798] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:48.799] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:50.274] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.21.17610986931320.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765459250273, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:50.274] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:20:51.992] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24836 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.2.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.2.17610986931320.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9261d2735074452561c2edc54c22fc1410dd8d2b7cf652806171b2aad7f04cfb&X-Amz-Date=20251211T052051Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:20:51.992] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:51.992] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:51.992] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:51.992] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:51.992] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:51.993] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:53.962] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.2.17610986931320.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765459253961, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:20:53.962] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:20:53.962] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:53.962] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:55.489] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24837 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.22.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.22.17610986931320.jsonl?X-Amz-Date=20251211T052055Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=d03f5bf54e7dcaec41d4bb352cac4f148b139e11474140c0610b393fe1aa67c8"} [2025-12-11 13:20:55.489] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:55.489] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:55.489] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:55.489] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:55.489] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:55.490] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:20:56.753] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.22.17610986931320.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765459256753, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:20:56.753] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:20:56.753] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:20:56.753] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:20:59.337] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25256 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.23.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.23.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a378729e19784594b1b8ec5c8912f27ef9db8e2e774bc82df3e50f125afef772&X-Amz-Date=20251211T052058Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:20:59.338] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:20:59.338] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:20:59.338] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:20:59.338] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:20:59.338] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:20:59.338] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:00.804] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.23.17610986931320.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765459260803, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:00.804] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:21:00.804] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:00.804] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:02.569] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24838 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.24.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.24.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T052102Z&X-Amz-Signature=244a23ca1a35b849d4cd822b2cfe95b8eb02ec24a06ed90407c512f5e24c6c1d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:21:02.569] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:02.569] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:02.569] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:02.569] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:02.569] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:02.569] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:03.887] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.24.17610986931320.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765459263886, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:03.887] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:21:03.887] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:03.887] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:05.985] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26498 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.25.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.25.17610986931320.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T052105Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=83b61d3956ad751fbf97ce33334a2bc145bd1d50d7dc57da52939f6827b3c884&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:21:05.986] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:05.986] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:05.986] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:05.986] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:05.986] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:05.987] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:07.325] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.25.17610986931320.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765459267324, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:07.325] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:21:07.325] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:07.325] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:09.228] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26499 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.26.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.26.17610986931320.jsonl?X-Amz-Signature=bb1942fc9e9d77673bee7831d4c037e07f8f8f41b7c903080e85bc831a251544&X-Amz-Date=20251211T052108Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 13:21:09.228] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:09.228] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:09.229] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:09.229] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:09.229] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:09.229] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:10.844] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.26.17610986931320.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765459270843, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:10.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:21:10.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:10.844] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:12.483] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25257 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.3.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.3.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T052111Z&X-Amz-SignedHeaders=host&X-Amz-Signature=015218994bbf10da4e53c7321d20505b77372619d27781603fc1c24c9a1fe5a8&X-Amz-Expires=604800"} [2025-12-11 13:21:12.483] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:12.483] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:12.483] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:12.483] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:12.483] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:12.484] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:14.725] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.3.17610986931320.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765459274724, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:14.725] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:21:14.725] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:14.725] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:15.613] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24839 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.4.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.4.17610986931320.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T052115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3f6f9d057cde0e0e914a10d1358b6874e94537e9046f87bf0ee408569530f5d7"} [2025-12-11 13:21:15.613] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:15.614] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:15.614] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:15.614] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:15.614] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:15.615] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:16.767] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.4.17610986931320.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765459276766, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:16.767] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:21:19.182] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24840 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.5.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.5.17610986931320.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T052118Z&X-Amz-Signature=72c988c16ec80d294f0bd7d7ad6b71dbd63b99428079849219e0ae0606ff272d&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:21:19.182] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:19.182] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:19.183] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:19.183] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:19.183] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:19.183] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:20.574] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.5.17610986931320.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765459280573, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:20.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:21:20.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:20.574] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:22.334] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24841 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.6.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.6.17610986931320.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T052121Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=444b65871400a421a8550b53f3cf8bd02ee5620f6bf4bac29d16245c1ce25f56&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:21:22.334] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:22.334] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:22.335] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:22.335] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:22.335] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:22.335] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:23.285] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.6.17610986931320.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765459283284, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:23.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:21:23.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:23.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:25.559] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25258 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.7.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.7.17610986931320.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T052125Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f1ad76ddacf78988cd1e53b23baa7e0ab8b65fd4f0d3f22fd7b6136cdaf25eb5"} [2025-12-11 13:21:25.559] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:25.559] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:25.559] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:25.559] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:25.559] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:25.560] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:26.865] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.7.17610986931320.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765459286865, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:26.865] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:21:26.865] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:26.866] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:28.751] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25259 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.8.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.8.17610986931320.jsonl?X-Amz-Date=20251211T052128Z&X-Amz-SignedHeaders=host&X-Amz-Signature=ccc1c3605b5754b85aec1705f13334512c40ce8e76c398c6d9d3babd2b7da572&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 13:21:28.751] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:28.751] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:28.751] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:28.751] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:28.751] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:28.751] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:30.135] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.8.17610986931320.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765459290134, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:30.135] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:21:30.135] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:30.135] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:21:31.956] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24842 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.17610986931320.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.17610986931320.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e4e298adfb0102d12892b7f197f2359cc3ecb6e9302c90ae3a0ab9c29100c507&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T052131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:21:31.956] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:21:31.956] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:21:31.956] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:21:31.956] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:21:31.956] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:21:31.956] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:21:33.344] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.17610986931320.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765459293343, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:21:33.344] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:21:33.344] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:21:33.344] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:25:56.274] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25260 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.1765430747.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.1765430747.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b24e1670f3d99fc51fd4fd4c1f3cbffbd9b2625bcc696c474f493fa00bdd43fa&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T052555Z"} [2025-12-11 13:25:56.274] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:25:56.274] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:25:56.275] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:25:56.275] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:25:56.275] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:25:56.276] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:25:56.284] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.1765430747.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765459556283, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 13:25:56.284] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:30:10.307] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24843 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.10.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.10.17610986931330.jsonl?X-Amz-Signature=473f7a6f0afe4c8344450d9f1404018e0ba6a45fe43f5f3bb7c46599b0c464ff&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T053009Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:30:10.307] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:10.307] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:10.307] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:10.307] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:10.307] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:10.308] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:11.671] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.10.17610986931330.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765459811670, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:30:11.671] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:30:11.671] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:11.671] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:13.413] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26500 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.11.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.11.17610986931330.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=65685000c99e66c65aa74f7e031e98196c8a47b79954514d83c212cebdc3a76b&X-Amz-Date=20251211T053012Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:30:13.414] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:13.414] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:13.414] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:13.414] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:13.414] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:13.414] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:14.877] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.11.17610986931330.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765459814876, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:14.877] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:30:14.877] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:14.877] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:16.566] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25261 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.1.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.1.17610986931330.jsonl?X-Amz-Signature=d63eec5b81d4fa8f6b7e6a636125828c33fe9cd5fec4d609aebbf49fb432a2d6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T053016Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:30:16.566] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:16.566] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:16.566] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:16.566] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:16.566] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:16.567] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:18.307] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.1.17610986931330.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765459818306, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:18.307] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:30:18.307] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:18.307] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:19.775] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25262 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.12.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.12.17610986931330.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T053019Z&X-Amz-Signature=5b5f6e956f9ca62a1398cad1fe8aa7566240e60a21b24029765849de1e33ee48&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:30:19.775] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:19.775] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:19.775] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:19.775] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:19.775] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:19.776] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:21.445] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.12.17610986931330.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765459821444, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:21.445] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:30:21.445] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:21.445] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:22.930] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24844 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.13.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.13.17610986931330.jsonl?X-Amz-Signature=f5bfea17255c633dc0ee4141d3c2085e2352e55d0ff61f286efd866fee8b3aec&X-Amz-Date=20251211T053022Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:30:22.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:22.930] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:22.930] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:22.930] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:22.930] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:22.931] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:24.773] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.13.17610986931330.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765459824772, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:30:24.773] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:30:24.773] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:24.773] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:26.314] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26501 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.14.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.14.17610986931330.jsonl?X-Amz-Signature=dfe584682d5d6c1c1c6938995661da83b4d5fe4840a47f2840e69f342c7d8573&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T053025Z&X-Amz-Expires=604800"} [2025-12-11 13:30:26.315] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:26.315] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:26.315] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:26.315] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:26.315] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:26.316] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:27.932] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.14.17610986931330.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765459827931, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:27.932] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:30:27.932] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:27.932] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:29.453] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26502 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.15.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.15.17610986931330.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T053028Z&X-Amz-Signature=5c69b8c63f63259c30251b3de751466cf10f14a177c035660d96578e99c5d1a5&X-Amz-SignedHeaders=host"} [2025-12-11 13:30:29.453] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:29.453] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:29.454] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:29.454] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:29.454] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:29.454] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:30.975] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.15.17610986931330.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765459830973, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 13:30:30.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:30:30.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:30.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:32.782] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26503 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.16.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.16.17610986931330.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T053032Z&X-Amz-SignedHeaders=host&X-Amz-Signature=33057d95278ea3e0ed6a8f94bc1cb3fcb022d61cb9844d94d1235014c2b92008"} [2025-12-11 13:30:32.782] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:32.782] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:32.782] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:32.782] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:32.782] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:32.782] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:34.609] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.16.17610986931330.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765459834608, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:30:34.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:30:34.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:34.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:36.268] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26504 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.17.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.17.17610986931330.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2b76075b4b896bd64eec04f91eead2363787ff4c8fb3065b6a6df71a56621bdc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T053035Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:30:36.268] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:36.268] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:36.268] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:36.268] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:36.268] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:36.269] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:37.586] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.17.17610986931330.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765459837585, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:30:37.586] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:30:37.586] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:37.586] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:39.406] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25263 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.18.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.18.17610986931330.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=3ba7c651f8866e8072e35811d9b30868fb161ba894e99df0fb983c7cdd9440d0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T053038Z"} [2025-12-11 13:30:39.407] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:39.407] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:39.407] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:39.407] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:39.407] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:39.407] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:40.780] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.18.17610986931330.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765459840779, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:40.780] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:30:40.780] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:40.780] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:42.550] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24845 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.19.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.19.17610986931330.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a2b560fe9f6f4b8613a29748ed7ab10fb6bee285dce2de43afc9af619ce84288&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T053042Z&X-Amz-Expires=604800"} [2025-12-11 13:30:42.550] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:42.550] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:42.551] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:42.551] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:42.551] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:42.551] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:43.786] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.19.17610986931330.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765459843785, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:43.786] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:30:43.786] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:43.786] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:45.737] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24846 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.20.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.20.17610986931330.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e53032f54ad83f25080dcbda2f4ab206f6851f8a6bf471fad57c1f09e497bb53&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T053045Z"} [2025-12-11 13:30:45.737] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:45.737] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:45.738] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:45.738] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:45.738] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:45.738] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:46.975] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.20.17610986931330.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765459846974, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:46.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:30:46.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:46.975] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:48.870] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24847 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.21.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.21.17610986931330.jsonl?X-Amz-Date=20251211T053048Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1e9358afd9469d4f723ce8279ed90d2fee74e2e42dc307897698c6b076f2fa8d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:30:48.870] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:48.870] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:48.871] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:48.871] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:48.871] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:48.871] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:50.327] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.21.17610986931330.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765459850326, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:50.327] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:30:52.061] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26505 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.2.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.2.17610986931330.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T053051Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=64f3e40458bf140fcc87926ba9d88dd69e698afdbd807b6084816aef37c77ff1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:30:52.062] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:52.062] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:52.062] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:52.062] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:52.062] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:52.062] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:54.107] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.2.17610986931330.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765459854106, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:54.107] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:30:54.107] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:54.107] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:55.593] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24848 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.22.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.22.17610986931330.jsonl?X-Amz-Date=20251211T053055Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0df0a5933fa70bd1148ea5e52e995b251ea6795c338ba3f1bc9ed3e479775343"} [2025-12-11 13:30:55.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:55.594] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:55.594] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:55.594] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:55.594] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:55.594] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:30:56.886] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.22.17610986931330.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765459856885, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:30:56.886] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:30:56.886] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:30:56.886] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:30:59.486] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26506 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.23.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.23.17610986931330.jsonl?X-Amz-Date=20251211T053059Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8bc893758ed64f145f7c89a3591135a45ff4ca6ec9c66faf3502b5a4bd1d0b33&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:30:59.486] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:30:59.486] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:30:59.486] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:30:59.486] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:30:59.486] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:30:59.487] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:01.048] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.23.17610986931330.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765459861047, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:01.048] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:31:01.048] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:01.048] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:02.710] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26507 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.24.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.24.17610986931330.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9e8e0feff1f14d4fd544989f74a59c32a23c5bc037103a4a78c4c4cca6c16542&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T053102Z"} [2025-12-11 13:31:02.711] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:02.711] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:02.711] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:02.711] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:02.711] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:02.711] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:04.019] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.24.17610986931330.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765459864018, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:04.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:31:04.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:04.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:06.133] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25264 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.25.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.25.17610986931330.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T053105Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c18a18c357edeb0711b06ab439f3af6254c2a7ff8c8290af7d21873b45693da0&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 13:31:06.133] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:06.133] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:06.133] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:06.133] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:06.133] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:06.134] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:07.497] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.25.17610986931330.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765459867496, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:07.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:31:07.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:07.497] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:09.340] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26508 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.26.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.26.17610986931330.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6d37491dfe3d23754092bf2d3e79b90b70e3165bd294f306d6e3cb7d4fcd119d&X-Amz-Expires=604800&X-Amz-Date=20251211T053108Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:31:09.340] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:09.340] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:09.340] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:09.340] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:09.340] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:09.341] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:11.015] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.26.17610986931330.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765459871014, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:11.015] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:31:11.015] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:11.015] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:12.560] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25265 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.3.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.3.17610986931330.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T053112Z&X-Amz-SignedHeaders=host&X-Amz-Signature=db1b40575469440d0a14848d9d84ad3998a9d55553097156fbbb5e5684703b25&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:31:12.560] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:12.560] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:12.560] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:12.560] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:12.560] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:12.561] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:14.787] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.3.17610986931330.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765459874786, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:14.787] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:31:14.787] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:14.787] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:15.698] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25266 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.4.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.4.17610986931330.jsonl?X-Amz-Signature=1b9aacd2a01e165d7ea7e819aacca57858a5136c33c83ad3819477888bcbd544&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T053115Z&X-Amz-SignedHeaders=host"} [2025-12-11 13:31:15.698] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:15.698] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:15.698] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:15.698] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:15.698] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:15.698] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:17.005] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.4.17610986931330.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765459877004, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:17.005] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:31:19.275] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25267 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.5.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.5.17610986931330.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=de89fd7fd25112c3f87615c01e0fa8fff432757cdc285431f5937274c1101fc3&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T053118Z&X-Amz-SignedHeaders=host"} [2025-12-11 13:31:19.275] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:19.275] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:19.275] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:19.275] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:19.275] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:19.276] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:20.693] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.5.17610986931330.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765459880692, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:20.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:31:20.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:20.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:22.417] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26509 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.6.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.6.17610986931330.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T053122Z&X-Amz-Signature=6a0624eba6f4e32afb1da0df6cac04267960950347ba41470a4d3d2fe9307490&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:31:22.417] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:22.417] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:22.417] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:22.417] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:22.417] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:22.418] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:23.379] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.6.17610986931330.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765459883378, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:31:23.379] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:31:23.379] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:23.379] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:25.681] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24849 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.7.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.7.17610986931330.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T053125Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8199d7aa6796e8e20083deee8c191f7fd579dcd4a02c665651c39578918b4448&X-Amz-SignedHeaders=host"} [2025-12-11 13:31:25.681] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:25.681] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:25.681] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:25.681] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:25.681] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:25.681] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:27.012] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.7.17610986931330.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765459887011, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:27.012] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:31:27.012] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:27.012] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:28.877] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26510 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.8.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.8.17610986931330.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T053128Z&X-Amz-Signature=872051b699ee264c0dd7724f46ef6dfcd60d2bc17bad7402ca34940d66fcc0e6"} [2025-12-11 13:31:28.877] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:28.877] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:28.877] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:28.877] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:28.877] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:28.877] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:30.381] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.8.17610986931330.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765459890381, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:30.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:31:30.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:30.381] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:31:32.081] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24850 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.17610986931330.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.17610986931330.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T053131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d28d4a48fc4cf8f9fef62f0277de028bc02b9aacbd9a74fa190a836452aafac8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 13:31:32.081] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:31:32.081] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:31:32.081] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:31:32.081] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:31:32.081] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:31:32.082] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:31:33.466] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.17610986931330.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765459893465, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:31:33.466] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:31:33.466] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:31:33.466] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:10.397] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26511 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.10.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.10.17610986931340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T054010Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b4b130ce7e1ad15451d511162ff8d2233ae3b6d35eeb452d84797c8f37e12605"} [2025-12-11 13:40:10.397] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:10.397] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:10.397] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:10.397] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:10.397] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:10.398] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:11.729] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.10.17610986931340.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765460411728, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:11.729] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:40:11.729] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:11.729] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:13.537] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24851 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.11.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.11.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054013Z&X-Amz-Signature=edaf53fc98b77e391f76053f47db9dd37b6caf5ce9bd41f633f0b95e44de0bbc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:40:13.537] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:13.537] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:13.537] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:13.537] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:13.537] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:13.538] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:15.029] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.11.17610986931340.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765460415028, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:15.029] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:40:15.029] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:15.029] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:16.692] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26512 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.1.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.1.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T054016Z&X-Amz-SignedHeaders=host&X-Amz-Signature=70db5b72a9839c0dd2a35503b909cd948880a2f29b4d92cc3d5300b6ab14822c&X-Amz-Expires=604800"} [2025-12-11 13:40:16.693] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:16.693] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:16.693] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:16.693] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:16.693] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:16.693] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:18.362] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.1.17610986931340.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765460418361, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:18.362] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:40:18.362] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:18.362] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:19.894] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26513 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.12.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.12.17610986931340.jsonl?X-Amz-Expires=604800&X-Amz-Signature=b75c75ad5ee7b19f7fb32f86edff197820f93b5e2496ca5d72b4d253069d57f6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054019Z"} [2025-12-11 13:40:19.894] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:19.894] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:19.894] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:19.894] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:19.894] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:19.895] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:21.568] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.12.17610986931340.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765460421567, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 13:40:21.568] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:40:21.568] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:21.568] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:23.049] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24852 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.13.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.13.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b758ef8ac3941c733249550df9523c8e7bab98f2a733aa5e15891160d9729d3c&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T054022Z"} [2025-12-11 13:40:23.049] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:23.049] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:23.050] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:23.050] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:23.050] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:23.050] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:24.879] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.13.17610986931340.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765460424878, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:24.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:40:24.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:24.879] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:26.473] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25268 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.14.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.14.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054026Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=665c32c6704f3fc485d2ef261708b04aaca6f28fca7ca5327d00243c836b6304"} [2025-12-11 13:40:26.473] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:26.473] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:26.473] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:26.474] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:26.474] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:26.474] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:28.110] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.14.17610986931340.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765460428109, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:28.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:40:28.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:28.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:29.598] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25269 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.15.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.15.17610986931340.jsonl?X-Amz-Expires=604800&X-Amz-Signature=c7d43a4b6ba2fa8fb7e17c6d60e5a34063634e2ee2f3125ea872d010ec5dc4f0&X-Amz-Date=20251211T054029Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:40:29.598] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:29.598] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:29.598] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:29.598] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:29.598] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:29.599] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:31.110] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.15.17610986931340.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765460431109, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:31.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:40:31.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:31.110] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:32.933] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24853 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.16.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.16.17610986931340.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054032Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=63efb5a55c824890416ae48a555e101e65bac0fbd44cc8f48ded61a31a8c3125"} [2025-12-11 13:40:32.933] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:32.933] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:32.933] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:32.933] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:32.933] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:32.934] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:34.868] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.16.17610986931340.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765460434866, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:34.868] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:40:34.868] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:34.868] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:36.393] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24854 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.17.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.17.17610986931340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0206db3cb3f4b9b8e81c323f80aa844ba64a234f48cb05de9f8b47bd9850602e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T054035Z"} [2025-12-11 13:40:36.394] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:36.394] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:36.394] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:36.394] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:36.394] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:36.394] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:37.601] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.17.17610986931340.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765460437600, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:37.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:40:37.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:37.601] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:39.520] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25270 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.18.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.18.17610986931340.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251211T054039Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=37776d0d15162e14709c4d0bd6fc60255af0f07c9679aa8f64870bce1384f95c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 13:40:39.520] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:39.520] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:39.520] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:39.520] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:39.520] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:39.521] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:40.911] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.18.17610986931340.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765460440910, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:40.911] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:40:40.911] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:40.911] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:42.664] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24855 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.19.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.19.17610986931340.jsonl?X-Amz-Signature=fc6ee1eccfc308f092b5e0fa65b2a4f9b8d202cc9769ac0edaa7d7d61a5fc041&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T054042Z&X-Amz-SignedHeaders=host"} [2025-12-11 13:40:42.665] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:42.665] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:42.665] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:42.665] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:42.665] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:42.666] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:43.910] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.19.17610986931340.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765460443909, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:43.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:40:43.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:43.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:45.849] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25271 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.20.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.20.17610986931340.jsonl?X-Amz-Expires=604800&X-Amz-Signature=3a4af51c368f480ad5a94d43def6cc6a43455604ebc249534609bbaafc3838c9&X-Amz-Date=20251211T054045Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:40:45.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:45.849] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:45.849] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:45.849] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:45.849] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:45.850] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:47.115] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.20.17610986931340.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765460447114, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 13:40:47.115] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:40:47.115] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:47.115] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:48.987] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26514 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.21.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.21.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=65e8f46ac582b2b6b6f532869993e10d6a485c0d68d5ca81381280d475776695&X-Amz-Date=20251211T054048Z&X-Amz-Expires=604800"} [2025-12-11 13:40:48.987] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:48.987] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:48.988] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:48.988] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:48.988] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:48.989] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:50.439] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.21.17610986931340.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765460450439, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:50.440] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:40:52.177] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26515 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.2.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.2.17610986931340.jsonl?X-Amz-Date=20251211T054051Z&X-Amz-Signature=a9d8f4cf0313916bb26fd075e3b5a610c93ce1846e39805cb35484325502c474&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:40:52.177] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:52.177] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:52.177] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:52.177] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:52.177] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:52.177] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:54.144] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.2.17610986931340.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765460454143, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:54.144] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:40:54.144] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:54.144] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:55.702] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25272 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.22.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.22.17610986931340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T054055Z&X-Amz-SignedHeaders=host&X-Amz-Signature=facc0e670827a33a13abcd7d6e748faf5eb55e87091d8c0f8a41cd12f406fdec"} [2025-12-11 13:40:55.702] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:55.702] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:55.702] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:55.703] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:55.703] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:55.703] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:40:57.018] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.22.17610986931340.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765460457017, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:40:57.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:40:57.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:40:57.018] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:40:59.573] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26516 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.23.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.23.17610986931340.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=c34de544e529129b49c748f4531521dbb58ad5a3f82bcb8c5cc36b0fcd78bdb2&X-Amz-Date=20251211T054059Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:40:59.573] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:40:59.573] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:40:59.573] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:40:59.573] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:40:59.573] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:40:59.574] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:01.163] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.23.17610986931340.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765460461162, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:01.163] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:41:01.163] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:01.163] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:02.810] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24856 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.24.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.24.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=18aa0b14b1e6112e7584b2e9908a3e609f179ec5d661448a56cb4ef4cb0934e4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T054102Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:41:02.810] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:02.810] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:02.810] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:02.810] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:02.810] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:02.811] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:04.141] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.24.17610986931340.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765460464140, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:04.141] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:41:04.141] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:04.141] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:06.233] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24857 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.25.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.25.17610986931340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=25ae1a49d37a18c52a77f86c9cde557088f1a28dab0e5c0ef52887d2a0292445&X-Amz-Date=20251211T054105Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:41:06.234] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:06.234] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:06.234] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:06.234] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:06.234] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:06.234] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:07.564] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.25.17610986931340.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765460467563, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:07.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:41:07.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:07.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:09.473] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24858 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.26.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.26.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054109Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=daf02760f06c259c4b2f0e16eb3e0066db4c17ab2addf111de72b60a46c27739&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:41:09.473] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:09.473] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:11.121] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.26.17610986931340.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765460471120, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:11.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:41:11.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:11.121] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:12.695] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26517 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.3.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.3.17610986931340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054112Z&X-Amz-SignedHeaders=host&X-Amz-Signature=e3f42dd3fc1c296413c41467180ba0d6b3bdc2bb3a8300e670c4c68624243ad8&X-Amz-Expires=604800"} [2025-12-11 13:41:12.695] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:12.695] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:12.695] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:12.695] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:12.695] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:12.696] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:14.955] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.3.17610986931340.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765460474954, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:14.955] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:41:14.955] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:14.955] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:15.832] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25273 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.4.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.4.17610986931340.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T054115Z&X-Amz-Signature=0d4f05b2811d5e7cd0b15b0ed1302a2dd2d3d3749d37eea125e8a01843585400&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 13:41:15.832] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:15.832] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:15.832] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:15.832] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:15.832] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:15.833] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:16.976] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.4.17610986931340.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765460476975, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:16.976] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:41:19.388] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25274 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.5.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.5.17610986931340.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=402fbea6ad9310cf7ea34fc41ae911e3e8e9bd6c4ed020962cd1aeb1f81995d8&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T054118Z"} [2025-12-11 13:41:19.388] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:19.388] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:19.389] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:19.389] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:19.389] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:19.389] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:20.743] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.5.17610986931340.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765460480743, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:20.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:41:20.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:20.744] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:22.520] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25275 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.6.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.6.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T054122Z&X-Amz-Signature=cbf51c1719ee59a643011b9790d5497b74a8b60a0734bb6cd8b2b576bbc56b0e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:41:22.521] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:22.521] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:22.521] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:22.521] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:22.521] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:22.522] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:23.463] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.6.17610986931340.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765460483462, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:23.463] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:41:23.463] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:23.463] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:25.713] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24859 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.7.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.7.17610986931340.jsonl?X-Amz-Signature=497b41c8f0d2c9ae1cd9417d8ff6761827bef52d351b3e082c757c1e16dae3e4&X-Amz-Date=20251211T054125Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:41:25.713] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:25.713] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:25.713] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:25.713] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:25.713] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:25.714] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:27.046] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.7.17610986931340.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765460487045, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:27.046] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:41:27.046] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:27.046] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:28.901] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25276 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.8.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.8.17610986931340.jsonl?X-Amz-Signature=c5e2e14e8073d428a6731eeef56c1cd6226a0e67f9a38df4bc41a50d61fa44da&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T054128Z"} [2025-12-11 13:41:28.902] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:28.902] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:28.902] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:28.902] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:28.902] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:28.902] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:30.278] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.8.17610986931340.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765460490277, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:41:30.278] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:41:30.278] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:30.278] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:32.097] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24860 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.17610986931340.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.17610986931340.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T054131Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=785a45fbe0bb26ea7b22ae7af8839fc4e68d07874b7e2fae378f05c190d22624"} [2025-12-11 13:41:32.097] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:32.097] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:32.097] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:32.097] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:32.097] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:32.097] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:33.486] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.17610986931340.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765460493485, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:41:33.486] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:41:33.486] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:41:33.486] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:41:35.414] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26518 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.1765431648.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.1765431648.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T054134Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=332bf0a87bba477b4ced59d5ee345fd04a3e81bf82d1fea0a983ca32b706e138&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:41:35.414] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:41:35.414] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:41:35.414] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:41:35.414] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:41:35.414] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:41:35.415] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:41:35.420] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.1765431648.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765460495419, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 13:41:35.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:50:10.495] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26519 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.10.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.10.17610986931350.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=a3c29b9df4642f1ad2086185dafc67caa919c11c3eb4f232f578317916870346&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055010Z"} [2025-12-11 13:50:10.495] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:10.495] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:10.495] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:10.495] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:10.495] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:10.496] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:11.839] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.10.17610986931350.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765461011838, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:11.839] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:50:11.840] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:11.840] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:13.652] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25277 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.11.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.11.17610986931350.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9e2b05690ac42105ec2400e71178f9c6046f0a168a283907128d36614bc669eb&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055013Z"} [2025-12-11 13:50:13.652] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:13.652] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:13.652] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:13.652] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:13.652] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:13.652] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:15.119] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.11.17610986931350.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765461015118, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:15.119] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:50:15.119] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:15.119] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:16.811] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25278 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.1.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.1.17610986931350.jsonl?X-Amz-Date=20251211T055016Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=979ed4f9fa0a32e3e1c00e5ecf444e72fad61ea8e40010614f5b7cdc557cec19&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 13:50:16.812] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:16.812] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:16.812] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:16.812] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:16.812] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:16.812] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:18.482] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.1.17610986931350.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765461018481, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:18.482] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:50:18.482] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:18.482] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:20.016] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26520 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.12.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.12.17610986931350.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T055019Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=741d2d07ca13a678cce0caec265899d3e8588d1c3b580b751ed5be162f36e142&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:50:20.016] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:20.016] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:20.016] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:20.016] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:20.017] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:20.017] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:21.685] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.12.17610986931350.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765461021684, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:21.685] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:50:21.685] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:21.685] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:23.185] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24861 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.13.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.13.17610986931350.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e1a0cbd2bf1b9e4e72630c4cf88644cb4ae773cf0c93e5a5b1d3c8af5b481e8b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055022Z&X-Amz-SignedHeaders=host"} [2025-12-11 13:50:23.185] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:23.185] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:23.185] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:23.185] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:23.185] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:23.186] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:24.989] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.13.17610986931350.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765461024988, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:24.989] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:50:24.989] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:24.989] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:26.563] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25279 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.14.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.14.17610986931350.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a87df3d49abda8c5599a5b07f90610b87490db837d8cef93117c9abd721d4b48&X-Amz-Date=20251211T055026Z"} [2025-12-11 13:50:26.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:26.564] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:26.564] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:26.564] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:26.564] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:26.564] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:28.161] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.14.17610986931350.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765461028160, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 13:50:28.161] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:50:28.161] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:28.161] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:29.688] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24862 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.15.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.15.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055029Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2e09cc0703734db7524fb7af02aac6ed4bfc2e98d67f2bb40ae15ca5202bfaf9"} [2025-12-11 13:50:29.688] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:29.688] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:29.689] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:29.689] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:29.689] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:29.689] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:31.213] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.15.17610986931350.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765461031212, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:31.213] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:50:31.213] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:31.213] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:33.017] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26521 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.16.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.16.17610986931350.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T055032Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=fb4d19716ff54f0524a4c29b6be2304d3b57d6c3bc3b2d9c17a35de50887b76b"} [2025-12-11 13:50:33.017] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:33.017] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:33.017] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:33.017] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:33.017] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:33.017] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:34.984] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.16.17610986931350.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765461034983, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:34.984] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:50:34.984] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:34.984] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:36.475] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26522 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.17.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.17.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T055036Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f857814041628e966a9ea143b9ce936dd93d57320291dbde8ab695c69e005c80"} [2025-12-11 13:50:36.475] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:36.475] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:36.475] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:36.475] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:36.475] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:36.475] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:37.792] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.17.17610986931350.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765461037791, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:37.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 13:50:37.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:37.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:39.609] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26523 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.18.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.18.17610986931350.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b8fc2c89cba8e0d3a49e217017fd483ddee26897221b6da910235eaeb89a4ead&X-Amz-Date=20251211T055039Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:50:39.609] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:39.609] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:39.609] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:39.609] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:39.609] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:39.609] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:41.002] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.18.17610986931350.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765461041001, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:41.002] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:50:41.002] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:41.002] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:42.767] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26524 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.19.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.19.17610986931350.jsonl?X-Amz-Signature=49101a450dc40144d0e3dee2dc3933a736713b2554d680acc8442a03515ff66c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055042Z&X-Amz-SignedHeaders=host"} [2025-12-11 13:50:42.767] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:42.768] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:42.768] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:42.768] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:42.768] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:42.768] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:43.981] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.19.17610986931350.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765461043980, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:43.981] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:50:43.981] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:43.981] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:45.968] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24863 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.20.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.20.17610986931350.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055045Z&X-Amz-Expires=604800&X-Amz-Signature=0f8f47a615ad667178c84c323e7bfdadb916a5ddf0711f0d68b7be56e932a6cd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 13:50:45.969] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:45.969] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:47.211] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.20.17610986931350.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765461047210, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 13:50:47.211] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:50:47.211] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:47.211] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:49.103] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25280 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.21.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.21.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0e3f807a9b0e2db9a00b55e981a8ba465fdbd049404bf52045ea01160d48a180&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T055048Z"} [2025-12-11 13:50:49.103] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:49.103] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:49.103] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:49.103] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:49.103] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:49.104] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:50.570] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.21.17610986931350.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765461050569, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:50.570] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:50:52.298] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24864 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.2.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.2.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055051Z&X-Amz-SignedHeaders=host&X-Amz-Signature=4f61ceeaabfce04c95b6c7b3493a00239d90c7a05bbc36cd76063c9a03d3b0e1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 13:50:52.298] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:52.298] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:52.298] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:52.298] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:52.298] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:52.299] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:54.211] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.2.17610986931350.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765461054210, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:54.211] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:50:54.211] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:54.211] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:55.813] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26525 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.22.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.22.17610986931350.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055055Z&X-Amz-Expires=604800&X-Amz-Signature=1f754f4c399b16da905d570b439c6525751b4dab944022bd5ee00b1411936f16&X-Amz-SignedHeaders=host"} [2025-12-11 13:50:55.813] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:55.813] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:55.814] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:55.814] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:55.814] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:55.814] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:50:57.116] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.22.17610986931350.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765461057115, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:50:57.116] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:50:57.116] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:50:57.116] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:50:59.661] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26526 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.23.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.23.17610986931350.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T055059Z&X-Amz-Signature=f325bc4a159ff02e9a8627ce97a5397c3008d7455a5095c74badc462d8f56427&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:50:59.661] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:50:59.661] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:50:59.661] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:50:59.661] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:50:59.661] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:50:59.662] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:01.192] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.23.17610986931350.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765461061191, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:01.192] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:51:01.192] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:01.192] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:02.887] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26527 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.24.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.24.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055102Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0010c716e85484f531373d16d41f34d1782db582d1c94938676c25f812afb14f&X-Amz-Expires=604800"} [2025-12-11 13:51:02.887] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:02.887] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:02.888] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:02.888] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:02.888] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:02.889] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:04.175] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.24.17610986931350.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765461064174, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:04.176] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:51:04.176] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:04.176] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:06.322] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25281 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.25.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.25.17610986931350.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055105Z&X-Amz-SignedHeaders=host&X-Amz-Signature=6622af5064a5b7046aea0c27f0a73433cd6a85988fb358601993f63c89fe903f&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 13:51:06.322] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:06.322] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:06.322] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:06.322] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:06.322] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:06.323] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:07.645] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.25.17610986931350.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765461067644, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:07.645] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:51:07.645] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:07.645] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:09.572] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26528 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.26.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.26.17610986931350.jsonl?X-Amz-Expires=604800&X-Amz-Signature=897505d40a8c5fa6258e91efbd7ce0353006afc9163e0ead0a068b540b69f0a8&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055109Z"} [2025-12-11 13:51:09.572] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:09.572] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:09.573] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:09.573] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:09.573] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:09.573] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:11.230] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.26.17610986931350.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765461071229, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:11.230] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 13:51:11.230] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:11.230] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:12.801] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26529 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.3.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.3.17610986931350.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055112Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9579bf0d9163fcb1b195e5c367fcd171f839681578ecfff352614af10292d86e&X-Amz-Expires=604800"} [2025-12-11 13:51:12.801] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:12.801] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:12.802] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:12.802] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:12.802] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:12.802] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:15.022] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.3.17610986931350.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765461075021, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:15.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:51:15.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:15.022] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:15.931] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25282 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.4.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.4.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T055115Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=17e92bee6defbaa0660159c24c66d4505568494bce9c073575f81abe2691b81a"} [2025-12-11 13:51:15.931] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:15.931] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:15.931] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:15.931] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:15.931] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:15.932] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:17.080] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.4.17610986931350.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765461077079, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:17.080] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 13:51:19.469] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25283 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.5.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.5.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055119Z&X-Amz-SignedHeaders=host&X-Amz-Signature=31316b7955fcca3bf140c71f6f691aa87ead38eb8bd49a1e3e06167b91b5104c&X-Amz-Expires=604800"} [2025-12-11 13:51:19.469] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:19.469] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:19.470] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:19.470] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:19.470] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:19.470] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:20.864] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.5.17610986931350.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765461080863, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:20.864] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 13:51:20.864] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:20.864] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:22.612] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24865 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.6.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.6.17610986931350.jsonl?X-Amz-Date=20251211T055122Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1a557441c53f7f8a0141ffd84b2c9b62b33c4839689057e96e1a399d89619caa&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 13:51:22.612] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:22.612] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:22.612] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:22.612] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:22.612] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:22.612] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:23.564] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.6.17610986931350.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765461083563, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:23.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:51:23.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:23.564] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:25.817] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26530 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.7.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.7.17610986931350.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T055125Z&X-Amz-Expires=604800&X-Amz-Signature=a8174c3d357e4084a91f8a96aad394fc5bef52e42b7d363235dc9336daca1c3f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 13:51:25.817] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:25.817] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:25.817] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:25.817] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:25.817] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:25.818] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:27.165] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.7.17610986931350.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765461087164, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:27.165] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 13:51:27.165] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:27.165] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:29.005] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24866 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.8.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.8.17610986931350.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=efa4eef86545a020ab77b47cc99f20292235bc192b477f96fbc151d00551bd60&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T055128Z"} [2025-12-11 13:51:29.005] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:29.005] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:29.006] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:29.006] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:29.006] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:29.006] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:30.387] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.8.17610986931350.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765461090386, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:30.387] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 13:51:30.387] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:30.387] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:51:32.198] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26531 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.17610986931350.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.17610986931350.jsonl?X-Amz-Date=20251211T055131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c957a10fe67f31c798dc19ce28daa3173176266195c73bf983a2cbeac95acb07&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 13:51:32.199] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:51:32.199] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:51:32.199] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:51:32.199] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:51:32.199] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:51:32.199] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:51:33.561] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.17610986931350.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765461093561, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 13:51:33.562] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 13:51:33.562] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 13:51:33.562] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 13:55:57.783] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26532 key: NULL payload: {"bucket":"2025-12-11","object":"13/output/cnn/alert.pcap.9.1765432549.jsonl","url":"http://111.32.12.11:9000/2025-12-11/13/output/cnn/alert.pcap.9.1765432549.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f68f5fcb3fa03eff240d0ce2ab694161a053c913ab90f1e3e7053973c1d79679&X-Amz-Date=20251211T055557Z"} [2025-12-11 13:55:57.783] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 13:55:57.783] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 13:55:57.783] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 13:55:57.783] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 13:55:57.783] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 13:55:57.784] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 13:55:57.792] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:13/output/cnn/alert.pcap.9.1765432549.jsonl|result:{"code": 0, "total_count": 0, "abnormal_count": 0, "normal_count": 0, "alert_count": 0, "timestamp": 1765461357791, "module": "anquanchu", "alerted": false, "details": []} [2025-12-11 13:55:57.792] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:01:17.876] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24867 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.5.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.5.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=fceee970c64e49a510f090954039bdfc3e7fa23b2dfe0c7f236e880031b5e359&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T060116Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:01:17.876] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:17.876] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:17.876] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:17.876] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:17.876] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:17.877] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:19.252] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.5.17610986931400.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765461679251, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:19.252] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26533 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.20.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.20.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T060118Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=526263a2d6c2ca58c31e50a7a889f5018eba0434211bc82824d01c1a42a3dd3c"} [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:19.252] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:20.457] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.20.17610986931400.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765461680457, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:20.458] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26534 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.26.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.26.17610986931400.jsonl?X-Amz-Date=20251211T060118Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=de44fa707e6601d7abe9a3263055abb2ab789e8587d14cdc2155a3642663ae4c"} [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:20.458] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:22.132] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.26.17610986931400.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765461682131, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:22.132] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25284 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.14.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.14.17610986931400.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=d40cdee89fa89d4d73aab39998a1e1f9f9701ce3ec5ee7fb863672786f4b5227&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T060119Z"} [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:22.132] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:23.715] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.14.17610986931400.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765461683714, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:23.715] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26535 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.8.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.8.17610986931400.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=034e195e8efe827a69c09204a0181fae398858eecc5ece5c9fdc9a9717acf71e&X-Amz-Date=20251211T060119Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:23.715] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:25.113] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.8.17610986931400.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765461685112, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:25.113] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25285 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.22.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.22.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=1ff8888519367e7806ff55ab2dc44f60dbb24e4da4fe9a732e0860c478bce2ce&X-Amz-Date=20251211T060120Z&X-Amz-SignedHeaders=host"} [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:25.113] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:25.114] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:26.589] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.22.17610986931400.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765461686588, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:26.589] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26536 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.25.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.25.17610986931400.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T060121Z&X-Amz-Signature=a72d03a4b84a249968913478d8647dc0d85a14fb8a20b851ca3f63dd865d23dd&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:26.589] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:26.590] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:27.900] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.25.17610986931400.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765461687899, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:27.900] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25286 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.17.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.17.17610986931400.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T060121Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d921f8a836bc1424d1ebc6336ac881073019d139640d198fca0a58aa16f6e47e&X-Amz-Expires=604800"} [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:27.900] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:29.216] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.17.17610986931400.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765461689215, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:29.216] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25287 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.21.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.21.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a4e3d78cd4caa52592375a54e73463dfe20f798b5c23a1b89e16a4bfb228bfc4&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T060122Z"} [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:29.216] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:30.671] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.21.17610986931400.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765461690670, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:30.671] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:01:30.671] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24868 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.15.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.15.17610986931400.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T060122Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=a67880ba74a395f955d26f0402774b66fd78a53c968f773d7850581282213d42"} [2025-12-11 14:01:30.671] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:30.671] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:30.672] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:30.672] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:30.672] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:30.672] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:32.193] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.15.17610986931400.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765461692192, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:32.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:01:32.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:32.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:32.193] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25288 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.4.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.4.17610986931400.jsonl?X-Amz-Date=20251211T060123Z&X-Amz-Signature=f92a8ddcc2ceab01e72bc80d4d28455a76ad052fd075e71bfa7172a525147126&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:01:32.193] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:32.193] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:32.193] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:32.194] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:32.194] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:32.194] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:33.350] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.4.17610986931400.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765461693349, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:01:33.350] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25289 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.19.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.19.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T060123Z&X-Amz-Signature=af70102941977a3451e0108be9eee1c7003064fa9dfd306eed5765544d6ae4e3"} [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:33.350] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:34.580] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.19.17610986931400.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765461694579, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:34.580] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25290 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.10.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.10.17610986931400.jsonl?X-Amz-Date=20251211T060124Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ce0dc79dc9780b56e256b748bb3ce009edf79aec3422143fb83267cafe496790&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:34.580] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:35.892] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.10.17610986931400.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765461695891, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:35.892] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25291 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.13.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.13.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T060124Z&X-Amz-SignedHeaders=host&X-Amz-Signature=5b5a1aca40cb975b60d90be1c0bc533f4b216d886e92929164fe6bbdcb899ca6"} [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:35.892] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:37.703] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.13.17610986931400.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765461697702, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:37.703] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:37.703] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:37.703] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:37.703] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25292 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.6.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.6.17610986931400.jsonl?X-Amz-Signature=8cd4ab38d5564dfe2d1d405e39f0df6c1a12fa85db383e6d1f61a769650d94b4&X-Amz-Date=20251211T060125Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 14:01:37.703] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:37.703] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:37.704] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:37.704] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:37.704] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:37.704] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:38.647] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.6.17610986931400.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765461698646, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}]} [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:38.647] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25293 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.18.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.18.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T060126Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=be36b52d0d26ea77e191860c3328f75923277f1b15f77a47b57f9a1c5247d9e4"} [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:38.647] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:39.963] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.18.17610986931400.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765461699962, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:39.963] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26537 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.3.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.3.17610986931400.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T060126Z&X-Amz-Expires=604800&X-Amz-Signature=3d811ea700b36ccb36d8a766a95293ffbe9a77c1fbf607a06e671990a031991d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:39.963] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:39.964] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:42.206] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.3.17610986931400.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765461702204, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:42.206] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26538 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.23.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.23.17610986931400.jsonl?X-Amz-Signature=8cebfb5e9ff618705b31ad07aef1795356d43fa61a2bd0ab7b0d037bf694b59a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T060127Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:42.206] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:43.730] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.23.17610986931400.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765461703730, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:43.731] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24869 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.9.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.9.17610986931400.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T060127Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ae6d168a57503601d0c6b969bd96a4b7f51bbd52fd002fb3be00279ef3f875e8"} [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:43.731] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:45.091] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.9.17610986931400.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765461705090, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:45.091] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24870 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.16.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.16.17610986931400.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T060128Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6b756c25239ec9aa412ea06de0c44d2f571bb1a5ef6cdba06cab06b56dc718df"} [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:45.091] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:46.961] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.16.17610986931400.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765461706960, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:46.961] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26539 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.11.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.11.17610986931400.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T060128Z&X-Amz-Signature=ad5ff508ed1efb70a74c109ebd3b21216406fd20028d492542bcc60ed95160ef"} [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:46.961] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:46.962] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:48.410] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.11.17610986931400.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765461708409, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:48.410] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25294 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.1.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.1.17610986931400.jsonl?X-Amz-Date=20251211T060129Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=75a88d0ac594f11811417998d957dc0dbdf69f0810dc3062482b024e1468f8a4"} [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:48.410] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:50.082] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.1.17610986931400.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765461710082, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:50.083] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25295 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.2.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.2.17610986931400.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T060129Z&X-Amz-Signature=b1567b4d389d039d7785fc069eeb8d1872e5e01e03a0900947dc9aa19ff35f04&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:50.083] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:52.041] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.2.17610986931400.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765461712040, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:52.041] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:52.041] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:52.041] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:52.041] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24871 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.24.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.24.17610986931400.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b29ec9f6e007d8fb7bc64e08cfab81029d255a2d4f7454774fe0518cd33a57fd&X-Amz-Date=20251211T060130Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:01:52.041] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:52.042] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:52.042] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:52.042] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:52.042] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:52.042] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:53.391] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.24.17610986931400.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765461713390, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:53.391] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25296 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.12.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.12.17610986931400.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e6f1e24dc2b9703dd8df0f28f5e724dbafacf99771118d66237e59771b47ed20&X-Amz-Expires=604800&X-Amz-Date=20251211T060131Z"} [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:53.391] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:53.392] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:55.039] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.12.17610986931400.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765461715038, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:01:55.039] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26540 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.7.17610986931400.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.7.17610986931400.jsonl?X-Amz-Expires=604800&X-Amz-Signature=9702bc69b7d41d15cedcf80e2d00da04b086e5638fe8245e068924e6c7875835&X-Amz-Date=20251211T060131Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:01:55.039] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:01:55.040] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:01:56.332] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.7.17610986931400.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765461716331, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:01:56.332] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:01:56.332] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:01:56.332] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:21.154] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26541 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.10.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.10.17610986931410.jsonl?X-Amz-Date=20251211T061020Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=e53421c3c4e73b39f3c18d460fd72f43cfeb500d980980eb7b9a3e666990fc7a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:10:21.154] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:21.154] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:21.154] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:21.154] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:21.154] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:21.155] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:22.504] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.10.17610986931410.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765462222503, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:22.504] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 14:10:22.504] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:22.504] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:24.299] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24872 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.11.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.11.17610986931410.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c32e91b5ae76bd7e38735c885e03a710c094c156bb3bd15e6618fdb5f63b7ef3&X-Amz-Date=20251211T061023Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 14:10:24.299] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:24.299] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:24.299] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:24.299] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:24.299] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:24.300] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:25.764] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.11.17610986931410.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765462225763, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:25.764] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:10:25.764] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:25.764] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:27.474] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25297 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.1.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.1.17610986931410.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b08b67e6390fbd8f4cc4ae2114677ce5f3be987e0d938ecdece98a4a1ff63e0a&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061027Z"} [2025-12-11 14:10:27.474] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:27.474] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:27.474] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:27.474] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:27.474] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:27.475] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:29.151] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.1.17610986931410.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765462229150, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}]} [2025-12-11 14:10:29.151] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:10:29.151] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:29.151] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:30.679] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26542 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.12.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.12.17610986931410.jsonl?X-Amz-Signature=3430667ea88b1f935c6f77fb393b417b16d2d1c8fb156ed32f6c385374634536&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T061030Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 14:10:30.679] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:30.679] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:30.679] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:30.679] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:30.679] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:30.680] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:32.327] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.12.17610986931410.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765462232326, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:32.327] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:10:32.327] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:32.327] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:33.900] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24873 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.13.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.13.17610986931410.jsonl?X-Amz-Signature=f1525d7e6cf08ebb3b7b082b71008926833739f7c61697bef8d4fb02ff34d5e9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T061033Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-11 14:10:33.900] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:33.900] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:33.900] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:33.900] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:33.900] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:33.901] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:35.633] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.13.17610986931410.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765462235632, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:35.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:10:35.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:35.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:37.298] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24874 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.14.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.14.17610986931410.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=18b9febac0a113e7612aeb3056f817bdd18b381db362b3664f8dc052c06a84e1&X-Amz-Date=20251211T061036Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:10:37.298] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:37.298] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:37.298] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:37.298] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:37.298] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:37.299] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:38.907] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.14.17610986931410.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765462238906, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:38.907] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:10:38.907] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:38.907] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:40.422] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24875 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.15.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.15.17610986931410.jsonl?X-Amz-Date=20251211T061040Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5278a0e4dee2b5126ab640d635d99b0dad2ed564951b80dc86e5a314c221cd7f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 14:10:40.422] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:40.422] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:40.423] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:40.423] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:40.423] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:40.424] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:41.951] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.15.17610986931410.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765462241950, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:41.951] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:10:41.951] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:41.951] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:43.766] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25298 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.16.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.16.17610986931410.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061043Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1ef1d6ec99f3391e7c65c4b5cf45583faf61e94ec179ab2ca4e8bccace73d4fd"} [2025-12-11 14:10:43.766] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:43.766] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:43.766] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:43.766] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:43.766] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:43.767] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:45.686] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.16.17610986931410.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765462245685, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:45.686] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:10:45.686] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:45.686] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:47.239] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25299 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.17.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.17.17610986931410.jsonl?X-Amz-Date=20251211T061046Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=e1d3fa3f9f4dfa305021ecd725db4c705b6224c9bdbe1ca0b2d90e4997ae4402&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:10:47.239] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:47.239] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:47.239] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:47.239] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:47.239] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:47.239] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:48.599] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.17.17610986931410.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765462248598, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 14:10:48.599] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 14:10:48.599] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:48.599] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:50.374] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25300 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.18.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.18.17610986931410.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d298cf0b0053c40af13b36d7bcc629be5fb10ddb2b49b4906ade609d4db674d4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061049Z&X-Amz-Expires=604800"} [2025-12-11 14:10:50.374] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:50.374] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:50.374] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:50.374] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:50.374] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:50.375] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:51.743] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.18.17610986931410.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765462251742, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:51.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:10:51.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:51.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:53.511] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26543 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.19.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.19.17610986931410.jsonl?X-Amz-Date=20251211T061053Z&X-Amz-Signature=a012ff952c614797a82152798e76b80b4fdf5befe3824bc1622d77a462b1f7e0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:10:53.511] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:53.511] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:53.512] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:53.512] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:53.512] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:53.512] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:54.738] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.19.17610986931410.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765462254737, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:54.738] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:10:54.738] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:54.738] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:56.694] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24876 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.20.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.20.17610986931410.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061056Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=6694feb416d216d8178e09b5686fdab5dc90ef63732c5b5503e94bce477bbc5a&X-Amz-SignedHeaders=host"} [2025-12-11 14:10:56.694] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:56.694] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:56.694] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:56.694] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:56.694] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:56.694] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:10:57.860] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.20.17610986931410.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765462257859, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:10:57.860] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:10:57.860] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:10:57.860] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:10:59.839] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24877 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.21.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.21.17610986931410.jsonl?X-Amz-Signature=9f26b033337085c3406e57ac0a4d742da13c611c6d68cf67a4a62e82233c7ac6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T061059Z"} [2025-12-11 14:10:59.839] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:10:59.839] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:10:59.840] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:10:59.840] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:10:59.840] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:10:59.840] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:01.297] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.21.17610986931410.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765462261296, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:01.297] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:11:03.038] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25301 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.2.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.2.17610986931410.jsonl?X-Amz-Date=20251211T061102Z&X-Amz-Signature=ecd6d4c9dcd8e991b68dc34685466e2a9deeff87e1e2aa7b04c35cb5fe42dfe3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:11:03.038] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:03.038] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:03.038] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:03.038] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:03.038] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:03.038] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:04.972] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.2.17610986931410.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765462264971, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:04.972] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:11:04.972] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:04.972] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:06.453] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26544 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.22.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.22.17610986931410.jsonl?X-Amz-Signature=0a1271225e4b65d715400e16671f2727379eaa8c21fffbe2ff7bd9da368fb505&X-Amz-Date=20251211T061106Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:11:06.453] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:06.453] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:06.453] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:06.453] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:06.453] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:06.453] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:07.735] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.22.17610986931410.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765462267734, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:07.735] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:11:07.735] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:07.735] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:10.296] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26545 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.23.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.23.17610986931410.jsonl?X-Amz-Date=20251211T061109Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=83a4042e46b8a3a5068c297cebe3a716987501df75bf01ac7cf894e7ad6fc3d7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 14:11:10.296] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:10.296] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:10.297] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:10.297] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:10.297] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:10.297] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:11.848] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.23.17610986931410.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765462271847, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:11.848] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:11:11.848] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:11.848] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:13.541] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25302 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.24.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.24.17610986931410.jsonl?X-Amz-Date=20251211T061113Z&X-Amz-Signature=00276ce805b2d37181afa21a36f5470eeb2127bd96fa755690d067df21b4f147&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:11:13.541] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:13.541] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:13.541] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:13.541] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:13.541] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:13.542] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:14.831] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.24.17610986931410.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765462274830, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 14:11:14.831] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:11:14.831] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:14.831] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:16.972] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26546 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.25.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.25.17610986931410.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c31b0226708ed7d2a02919ed6b18404b79107efd188ee3a04b9a0f7643f7fcb1&X-Amz-Date=20251211T061116Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:11:16.972] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:16.972] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:16.973] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:16.973] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:16.973] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:16.974] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:18.281] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.25.17610986931410.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765462278281, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 14:11:18.281] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:11:18.281] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:18.282] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:20.212] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24878 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.26.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.26.17610986931410.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c5c79c47e24994c2f460b869aef5e0572e0a8f196ef95ee5e4d2e282bd5e705c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061119Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:11:20.212] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:20.212] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:20.213] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:20.213] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:20.213] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:20.214] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:21.893] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.26.17610986931410.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765462281892, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:21.893] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:11:21.893] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:21.893] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:23.440] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26547 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.3.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.3.17610986931410.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061123Z&X-Amz-Signature=ab525738eef6438060ba8089230fee4634b02ec96b1d9803134c3d21f3d4bf5d"} [2025-12-11 14:11:23.440] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:23.440] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:23.440] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:23.440] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:23.440] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:23.441] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:25.680] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.3.17610986931410.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765462285679, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:25.680] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 14:11:25.680] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:25.680] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:26.569] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24879 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.4.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.4.17610986931410.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T061126Z&X-Amz-Expires=604800&X-Amz-Signature=69b4047fa75e8023cf53ec237f78ef166ac62ddc427686f0384db8093860881d"} [2025-12-11 14:11:26.570] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:26.570] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:26.570] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:26.570] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:26.570] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:26.570] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:27.719] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.4.17610986931410.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765462287719, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:27.720] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:11:30.081] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26548 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.5.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.5.17610986931410.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061129Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9e0c20e1b4acf4ba4c961fccbebf3c3a234a5311301d1180c80f3d0712c5cc32"} [2025-12-11 14:11:30.081] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:30.081] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:30.081] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:30.081] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:30.081] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:30.082] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:31.462] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.5.17610986931410.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765462291461, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:31.462] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 14:11:31.462] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:31.462] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:33.221] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25303 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.6.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.6.17610986931410.jsonl?X-Amz-Signature=51c60db80392d3ebd04a56855f6974d864acc2fdb2bc50cc44992bcacbcfe8db&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T061132Z"} [2025-12-11 14:11:33.221] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:33.221] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:33.221] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:33.221] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:33.221] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:33.222] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:34.138] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.6.17610986931410.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765462294137, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:34.138] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:11:34.138] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:34.138] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:36.442] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24880 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.7.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.7.17610986931410.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T061136Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0b4b09018042aed5e2543e41a1c542d735e36a176871e8e86f1b1194e7dac139"} [2025-12-11 14:11:36.442] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:36.442] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:36.442] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:36.442] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:36.442] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:36.442] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:37.672] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.7.17610986931410.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765462297672, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:37.672] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:11:37.673] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:37.673] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:39.633] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26549 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.8.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.8.17610986931410.jsonl?X-Amz-Signature=8ffc41ad62c1b715dc65b5cd80c691311f16e6c77f9ec7ecd2350607438dc517&X-Amz-Date=20251211T061139Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:11:39.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:39.633] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:39.633] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:39.634] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:39.634] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:39.634] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:40.979] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.8.17610986931410.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765462300978, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:40.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:11:40.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:40.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:11:42.831] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25304 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.9.17610986931410.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.9.17610986931410.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T061142Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=320f505ca55951fe911b33bdd1263f36c4146ee5cd91855f74a4da1a16bbfe94&X-Amz-SignedHeaders=host"} [2025-12-11 14:11:42.831] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:11:42.831] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:11:42.831] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:11:42.831] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:11:42.831] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:11:42.832] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:11:44.190] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.9.17610986931410.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765462304190, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:11:44.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:11:44.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:11:44.190] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:14:53.904] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24881 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.1.1765433552.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.1.1765433552.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4ccc173894449c8c59a11da6ea0485ac97e2b27c0af3cfacc35675e233511f8a&X-Amz-Date=20251211T061453Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:14:53.904] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:14:53.904] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:14:53.904] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:14:53.904] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:14:53.904] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:14:53.905] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:14:54.031] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.1.1765433552.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462494031, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433571309146, "etime": 1765433571309146, "src_ip": "221.193.246.195", "dest_ip": "192.168.83.128", "src_port": 443, "dest_port": 49770, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:14:54.031] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:17:09.516] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25305 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.16.1765433571.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.16.1765433571.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=50c3da91a38fe75704ebf0f1188ae36bef126c0354f43f4b51ab77ade849be0c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T061709Z&X-Amz-Expires=604800"} [2025-12-11 14:17:09.516] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:17:09.516] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:17:09.516] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:17:09.516] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:17:09.516] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:17:09.517] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:17:09.651] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.16.1765433571.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462629650, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433820204411, "etime": 1765433820204411, "src_ip": "184.50.36.66", "dest_ip": "192.168.83.128", "src_port": 443, "dest_port": 49800, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:17:09.651] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:18:00.523] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25306 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.22.1765433569.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.22.1765433569.jsonl?X-Amz-Signature=5d951dbf678d77af8b1c0df6189b5eaf7bbf68109d2209bedabdf4ebe5748093&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T061759Z&X-Amz-SignedHeaders=host"} [2025-12-11 14:18:00.523] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:18:00.523] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:18:00.524] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:18:00.524] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:18:00.524] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:18:00.525] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:18:00.654] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.22.1765433569.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462680654, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433871007609, "etime": 1765433871007609, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49777, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:18:00.655] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:18:34.525] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24882 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.15.1765433574.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.15.1765433574.jsonl?X-Amz-Date=20251211T061834Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=51cd459425f24ae3e8cc539e88affb6f7894b2ad7b6a4ba9426f322363cd4556"} [2025-12-11 14:18:34.525] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:18:34.525] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:18:34.525] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:18:34.525] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:18:34.525] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:18:34.526] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:18:34.656] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.15.1765433574.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462714655, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433905707047, "etime": 1765433905707047, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49786, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:18:34.656] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:18:47.025] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26550 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.21.1765433660.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.21.1765433660.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251211T061846Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0cdb4a5bb7bf3250be401faa048f974eadd1b97c0134e34efa4b2ac8026497da&X-Amz-Expires=604800"} [2025-12-11 14:18:47.026] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:18:47.026] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:18:47.026] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:18:47.026] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:18:47.026] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:18:47.027] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:18:47.229] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.21.1765433660.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765462727229, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433918447506, "etime": 1765433918447506, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49791, "protocol": "tls", "result": "Normal"}, {"stime": 1765433893333619, "etime": 1765433893333619, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49785, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:18:47.229] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:18:59.526] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24883 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.7.1765433547.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.7.1765433547.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0db6cb9154c1ca9d0f2efdd3f9b0e541c209bc09693b65c212077742f780e1fa&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T061859Z&X-Amz-SignedHeaders=host"} [2025-12-11 14:18:59.526] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:18:59.526] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:18:59.526] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:18:59.526] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:18:59.526] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:18:59.527] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:18:59.656] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.7.1765433547.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462739656, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433931063967, "etime": 1765433931063967, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49793, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:18:59.657] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:19:13.277] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24884 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.8.1765433570.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.8.1765433570.jsonl?X-Amz-Signature=6fdbcda274184d21cfe5729de013b6f20ca8b9dc46d0262090b5143facd647e6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T061912Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 14:19:13.278] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:19:13.278] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:19:13.278] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:19:13.278] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:19:13.278] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:19:13.278] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:19:13.472] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.8.1765433570.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765462753471, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433944140096, "etime": 1765433944140096, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49795, "protocol": "tls", "result": "Normal"}, {"stime": 1765433570137684, "etime": 1765433570137684, "src_ip": "116.130.184.97", "dest_ip": "192.168.83.128", "src_port": 443, "dest_port": 49766, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:19:13.472] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:19:19.527] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24885 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.19.1765433882.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.19.1765433882.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T061919Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=517c933560e11d3c54eabcd6df87a4db60e0d23a1415bd00a9e8b0176531810a&X-Amz-Expires=604800"} [2025-12-11 14:19:19.528] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:19:19.528] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:19:19.528] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:19:19.528] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:19:19.528] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:19:19.528] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:19:19.593] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.19.1765433882.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462759593, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433882597823, "etime": 1765433882597823, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49781, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:19:19.594] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:19:44.529] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25307 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.5.1765433741.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.5.1765433741.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3adcc315cf1f10a97dde931ffabc7d7111a88ce8048c3356d9669e296461c52a&X-Amz-Date=20251211T061944Z"} [2025-12-11 14:19:44.529] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:19:44.529] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:19:44.530] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:19:44.530] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:19:44.530] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:19:44.530] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:19:44.595] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.5.1765433741.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462784594, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433975772980, "etime": 1765433975772980, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49817, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:19:44.595] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:19:56.785] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26551 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.9.1765433819.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.9.1765433819.jsonl?X-Amz-Signature=3a6bf4cd64511d7ce387fb2da02afd0678c87c4c52aeafe247d5ba3cc92c23e1&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T061955Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 14:19:56.785] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:19:56.785] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:19:56.786] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:19:56.786] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:19:56.786] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:19:56.787] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:19:56.979] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.9.1765433819.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462796977, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433966072659, "etime": 1765433966072659, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49814, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:19:56.979] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:20:08.285] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25308 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.18.1765433531.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.18.1765433531.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=86279b0b65073258441dbf45f0d31341230bbf765eac954af1c59d9dd12f11f4&X-Amz-Date=20251211T062007Z"} [2025-12-11 14:20:08.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:08.285] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:08.285] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:08.285] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:08.285] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:08.286] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:08.413] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.18.1765433531.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462808412, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765433999229836, "etime": 1765433999229836, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49821, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:08.413] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:20:11.646] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26552 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.10.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.10.17610986931420.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2847b5f6184861e5e5c2dbb948dfda5a03483e8206f18d51c2ea770f81e9f86a&X-Amz-Date=20251211T062011Z"} [2025-12-11 14:20:11.646] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:11.646] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:11.647] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:11.647] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:11.647] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:11.647] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:12.999] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.10.17610986931420.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765462812998, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693209241, "etime": 1761098693209241, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50197, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693249724, "etime": 1761098693249724, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50510, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693248280, "etime": 1761098693248280, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50497, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693209390, "etime": 1761098693209390, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50202, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142226, "etime": 1761098693142226, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50106, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693246872, "etime": 1761098693246872, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50490, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209838, "etime": 1761098693209838, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50251, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133664, "etime": 1761098693133664, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50102, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693120966, "etime": 1761098693120966, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 49942, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693196185, "etime": 1761098693196185, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50155, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139130, "etime": 1761098693139130, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50105, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693249930, "etime": 1761098693249930, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50527, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209621, "etime": 1761098693209621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50247, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208980, "etime": 1761098693208980, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50180, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693241076, "etime": 1761098693241076, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50354, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119427, "etime": 1761098693119427, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49802, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242170, "etime": 1761098693242170, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50384, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693243022, "etime": 1761098693243022, "src_ip": "10.1.131.158", "dest_ip": "112.34.113.250", "src_port": 50417, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:12.999] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 14:20:12.999] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:12.999] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:14.794] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26553 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.11.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.11.17610986931420.jsonl?X-Amz-Date=20251211T062014Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=42829dcde1c19de5f882e362619f6c10323966b9a47d244b6af831bb514e4561&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 14:20:14.794] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:14.794] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:14.794] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:14.794] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:14.794] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:14.795] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:16.238] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.11.17610986931420.jsonl|result:{"code": 1, "total_count": 20, "abnormal_count": 1, "normal_count": 19, "alert_count": 1, "timestamp": 1765462816237, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693151795, "etime": 1761098693151795, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50176, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693203243, "etime": 1761098693203243, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50503, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175873, "etime": 1761098693175873, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50305, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212665, "etime": 1761098693212665, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50561, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130345, "etime": 1761098693130345, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50050, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204693, "etime": 1761098693204693, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50520, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204888, "etime": 1761098693204888, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50523, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188496, "etime": 1761098693188496, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50379, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49811, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151936, "etime": 1761098693151936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50179, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200044, "etime": 1761098693200044, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50494, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201413, "etime": 1761098693201413, "src_ip": "10.1.131.158", "dest_ip": "106.52.100.183", "src_port": 50502, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693145406, "etime": 1761098693145406, "src_ip": "10.1.131.158", "dest_ip": "36.143.199.172", "src_port": 50142, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190107, "etime": 1761098693190107, "src_ip": "10.1.131.158", "dest_ip": "57.155.120.218", "src_port": 50415, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193824, "etime": 1761098693193824, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50447, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196674, "etime": 1761098693196674, "src_ip": "10.1.131.158", "dest_ip": "13.107.253.49", "src_port": 50479, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117884, "etime": 1761098693117884, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49888, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192419, "etime": 1761098693192419, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50438, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204675, "etime": 1761098693204675, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50519, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205356, "etime": 1761098693205356, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50546, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:16.238] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:20:16.238] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:16.238] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:17.944] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26554 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.1.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.1.17610986931420.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9eb480a695559875b3851a172e7c53c495b88fb35fd85686d00385d22d0dad8f&X-Amz-Date=20251211T062017Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:20:17.944] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:17.944] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:17.945] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:17.945] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:17.945] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:17.945] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:19.569] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.1.17610986931420.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 3, "normal_count": 20, "alert_count": 3, "timestamp": 1765462819568, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693123114, "etime": 1761098693123114, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49977, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50380, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124039, "etime": 1761098693124039, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49978, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212915, "etime": 1761098693212915, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50607, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167050, "etime": 1761098693167050, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50236, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155008, "etime": 1761098693155008, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50203, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148396, "etime": 1761098693148396, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50161, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199621, "etime": 1761098693199621, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50526, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175234, "etime": 1761098693175234, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50297, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200707, "etime": 1761098693200707, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50548, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693154356, "etime": 1761098693154356, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50196, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213184, "etime": 1761098693213184, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50635, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180080, "etime": 1761098693180080, "src_ip": "10.1.131.158", "dest_ip": "123.249.12.207", "src_port": 50349, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693193959, "etime": 1761098693193959, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50451, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190158, "etime": 1761098693190158, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49694, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148123, "etime": 1761098693148123, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50154, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196992, "etime": 1761098693196992, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50487, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693199305, "etime": 1761098693199305, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50511, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213440, "etime": 1761098693213440, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50660, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693181860, "etime": 1761098693181860, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50352, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182944, "etime": 1761098693182944, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50355, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172474, "etime": 1761098693172474, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50246, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114642, "etime": 1761098693114642, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.100", "src_port": 49783, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:19.569] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:20:19.569] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:19.569] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:21.145] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25309 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.12.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.12.17610986931420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0df9a8b064cb701a768f29c0d381202f8540e94eab9c398292dbb06ef47d6c31&X-Amz-Date=20251211T062020Z"} [2025-12-11 14:20:21.145] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:21.145] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:21.145] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:21.145] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:21.145] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:21.146] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:22.805] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.12.17610986931420.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 2, "normal_count": 21, "alert_count": 2, "timestamp": 1765462822804, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693119031, "etime": 1761098693119031, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49918, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121530, "etime": 1761098693121530, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49801, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133489, "etime": 1761098693133489, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50098, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187030, "etime": 1761098693187030, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50312, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693171449, "etime": 1761098693171449, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50256, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188488, "etime": 1761098693188488, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50325, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189089, "etime": 1761098693189089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50327, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198707, "etime": 1761098693198707, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50517, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144239, "etime": 1761098693144239, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50135, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693130024, "etime": 1761098693130024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50036, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207544, "etime": 1761098693207544, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50596, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130340, "etime": 1761098693130340, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50048, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130715, "etime": 1761098693130715, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50063, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186134, "etime": 1761098693186134, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50289, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192933, "etime": 1761098693192933, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50446, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117500, "etime": 1761098693117500, "src_ip": "10.1.131.158", "dest_ip": "43.132.242.154", "src_port": 49882, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136004, "etime": 1761098693136004, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50115, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186157, "etime": 1761098693186157, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50290, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130232, "etime": 1761098693130232, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50043, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189957, "etime": 1761098693189957, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50374, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199094, "etime": 1761098693199094, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50524, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205421, "etime": 1761098693205421, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50563, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693185006, "etime": 1761098693185006, "src_ip": "10.1.131.158", "dest_ip": "120.46.51.20", "src_port": 50273, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 14:20:22.805] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:20:22.805] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:22.805] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:24.306] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24886 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.13.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.13.17610986931420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6766f2b35d34362f0b10476c88becbc6df21536f10698796537493e5e5f66d7a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062023Z&X-Amz-Expires=604800"} [2025-12-11 14:20:24.306] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:24.306] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:24.306] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:24.306] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:24.306] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:24.307] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:26.167] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.13.17610986931420.jsonl|result:{"code": 1, "total_count": 25, "abnormal_count": 2, "normal_count": 23, "alert_count": 2, "timestamp": 1765462826166, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693150337, "etime": 1761098693150337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50167, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50602, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136445, "etime": 1761098693136445, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50035, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196813, "etime": 1761098693196813, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50483, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129721, "etime": 1761098693129721, "src_ip": "10.1.131.158", "dest_ip": "111.31.22.3", "src_port": 49941, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693129700, "etime": 1761098693129700, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49939, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131129, "etime": 1761098693131129, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50009, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174352, "etime": 1761098693174352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50276, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174509, "etime": 1761098693174509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50283, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184936, "etime": 1761098693184936, "src_ip": "10.1.131.158", "dest_ip": "150.171.29.11", "src_port": 50366, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136802, "etime": 1761098693136802, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50074, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208521, "etime": 1761098693208521, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49842, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210305, "etime": 1761098693210305, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50657, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136321, "etime": 1761098693136321, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50029, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189403, "etime": 1761098693189403, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50405, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200801, "etime": 1761098693200801, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50550, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147755, "etime": 1761098693147755, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50150, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197188, "etime": 1761098693197188, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50493, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198354, "etime": 1761098693198354, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50507, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208894, "etime": 1761098693208894, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50629, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112566, "etime": 1761098693112566, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49856, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693148135, "etime": 1761098693148135, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50153, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155116, "etime": 1761098693155116, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50206, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174463, "etime": 1761098693174463, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50280, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184823, "etime": 1761098693184823, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50364, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:26.167] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:20:26.167] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:26.167] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:27.670] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26555 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.14.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.14.17610986931420.jsonl?X-Amz-Date=20251211T062027Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6b9ddf4995eac64af44c2a49419ba88ad644a74726299780ebf4fe58747818f6&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:20:27.670] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:27.670] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:27.670] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:27.671] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:27.671] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:27.671] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:29.285] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.14.17610986931420.jsonl|result:{"code": 1, "total_count": 22, "abnormal_count": 2, "normal_count": 20, "alert_count": 2, "timestamp": 1765462829284, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693131302, "etime": 1761098693131302, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50045, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113882, "etime": 1761098693113882, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49858, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266690, "etime": 1761098693266690, "src_ip": "10.1.131.158", "dest_ip": "150.171.28.10", "src_port": 50547, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132494, "etime": 1761098693132494, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50075, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266174, "etime": 1761098693266174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50488, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214355, "etime": 1761098693214355, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50350, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133138, "etime": 1761098693133138, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50087, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265255, "etime": 1761098693265255, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50462, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693264999, "etime": 1761098693264999, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50431, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693263695, "etime": 1761098693263695, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.61", "src_port": 50406, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166471, "etime": 1761098693166471, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50232, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693183371, "etime": 1761098693183371, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50282, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153210, "etime": 1761098693153210, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50185, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147737, "etime": 1761098693147737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50148, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693184339, "etime": 1761098693184339, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50299, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265322, "etime": 1761098693265322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50464, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693266415, "etime": 1761098693266415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50509, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693147787, "etime": 1761098693147787, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50151, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125418, "etime": 1761098693125418, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50008, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693268759, "etime": 1761098693268759, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50628, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693265936, "etime": 1761098693265936, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50481, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183231, "etime": 1761098693183231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50277, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:29.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:20:29.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:29.285] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:30.789] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26556 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.15.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.15.17610986931420.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T062030Z&X-Amz-Expires=604800&X-Amz-Signature=d293a11fefd4e0530b698e4bf862d2108f27995fa2bfc7fd88a54397ccbc8b17&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:20:30.789] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:30.789] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:30.789] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:30.789] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:30.789] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:30.790] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:32.332] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.15.17610986931420.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 3, "normal_count": 18, "alert_count": 3, "timestamp": 1765462832331, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693200375, "etime": 1761098693200375, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50542, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693154090, "etime": 1761098693154090, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50192, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693120496, "etime": 1761098693120496, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49899, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175720, "etime": 1761098693175720, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50300, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117276, "etime": 1761098693117276, "src_ip": "10.1.131.158", "dest_ip": "111.31.241.198", "src_port": 49881, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693121351, "etime": 1761098693121351, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49914, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198231, "etime": 1761098693198231, "src_ip": "10.1.131.158", "dest_ip": "124.70.37.167", "src_port": 50505, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693175581, "etime": 1761098693175581, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50298, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200005, "etime": 1761098693200005, "src_ip": "10.1.131.158", "dest_ip": "172.175.38.6", "src_port": 50508, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130505, "etime": 1761098693130505, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50061, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192965, "etime": 1761098693192965, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50427, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193961, "etime": 1761098693193961, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50442, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197043, "etime": 1761098693197043, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50489, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195415, "etime": 1761098693195415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50452, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190025, "etime": 1761098693190025, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50418, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192033, "etime": 1761098693192033, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50426, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116857, "etime": 1761098693116857, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49878, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133202, "etime": 1761098693133202, "src_ip": "10.1.131.158", "dest_ip": "13.107.213.50", "src_port": 50090, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196374, "etime": 1761098693196374, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 50474, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200024, "etime": 1761098693200024, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50516, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693183934, "etime": 1761098693183934, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50358, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:32.332] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:20:32.332] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:32.332] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:34.148] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24887 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.16.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.16.17610986931420.jsonl?X-Amz-Signature=b7341cd5513bd799da5cd11fc178fa97825c8373503bfa25b96dd08374f627d1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062033Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 14:20:34.148] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:34.149] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:34.149] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:34.149] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:34.149] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:34.149] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:36.017] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.16.17610986931420.jsonl|result:{"code": 1, "total_count": 26, "abnormal_count": 5, "normal_count": 21, "alert_count": 5, "timestamp": 1765462836016, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693175748, "etime": 1761098693175748, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50304, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124899, "etime": 1761098693124899, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49916, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130612, "etime": 1761098693130612, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50053, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179469, "etime": 1761098693179469, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50344, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693124219, "etime": 1761098693124219, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49887, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172317, "etime": 1761098693172317, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50262, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133363, "etime": 1761098693133363, "src_ip": "10.1.131.158", "dest_ip": "120.46.216.189", "src_port": 50095, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200023, "etime": 1761098693200023, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50367, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179216, "etime": 1761098693179216, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50331, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124970, "etime": 1761098693124970, "src_ip": "10.1.131.158", "dest_ip": "111.13.25.27", "src_port": 49953, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693113316, "etime": 1761098693113316, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49857, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693151796, "etime": 1761098693151796, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50177, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693155137, "etime": 1761098693155137, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50207, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693200287, "etime": 1761098693200287, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50377, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202338, "etime": 1761098693202338, "src_ip": "10.1.131.158", "dest_ip": "111.32.132.48", "src_port": 50416, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693204111, "etime": 1761098693204111, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50496, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221203, "etime": 1761098693221203, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50522, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124936, "etime": 1761098693124936, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.1", "src_port": 49927, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177079, "etime": 1761098693177079, "src_ip": "10.1.131.158", "dest_ip": "120.220.77.56", "src_port": 50313, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693201377, "etime": 1761098693201377, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50404, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218036, "etime": 1761098693218036, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50500, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693168944, "etime": 1761098693168944, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50239, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693130344, "etime": 1761098693130344, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50051, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693265281, "etime": 1761098693265281, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50557, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122920, "etime": 1761098693122920, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49873, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115339, "etime": 1761098693115339, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 49861, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:36.017] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:20:36.017] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:36.017] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:37.621] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26557 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.17.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.17.17610986931420.jsonl?X-Amz-Signature=580140d20af9cb476d48ed7c0bce159741949c0729924f580afa91b4fb15142b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T062037Z&X-Amz-Expires=604800"} [2025-12-11 14:20:37.621] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:37.621] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:37.621] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:37.621] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:37.621] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:37.622] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:38.930] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.17.17610986931420.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 6, "normal_count": 12, "alert_count": 6, "timestamp": 1765462838929, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693127670, "etime": 1761098693127670, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50012, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693133299, "etime": 1761098693133299, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50094, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301983, "etime": 1761098693301983, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50606, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693229501, "etime": 1761098693229501, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50257, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134168, "etime": 1761098693134168, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50101, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693241244, "etime": 1761098693241244, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50435, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693238925, "etime": 1761098693238925, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50395, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122863, "etime": 1761098693122863, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49973, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123869, "etime": 1761098693123869, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49989, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693135641, "etime": 1761098693135641, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50103, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693300282, "etime": 1761098693300282, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50476, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124961, "etime": 1761098693124961, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49990, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693301229, "etime": 1761098693301229, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50499, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693300769, "etime": 1761098693300769, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.151", "src_port": 49788, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159762, "etime": 1761098693159762, "src_ip": "10.1.131.158", "dest_ip": "117.162.10.192", "src_port": 50114, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693182194, "etime": 1761098693182194, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50225, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693242571, "etime": 1761098693242571, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50448, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693239724, "etime": 1761098693239724, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50409, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:38.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 6|max_alert: 1000 [2025-12-11 14:20:38.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:38.930] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:40.753] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25310 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.18.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.18.17610986931420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062040Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ecf5d69c416cb672c7c5ba9fa9a3a22b50cfd34e55b2096a5fe7f325dc159882"} [2025-12-11 14:20:40.754] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:40.754] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:40.754] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:40.754] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:40.754] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:40.754] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:42.127] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.18.17610986931420.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765462842127, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693159048, "etime": 1761098693159048, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50220, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123802, "etime": 1761098693123802, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49935, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118079, "etime": 1761098693118079, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49893, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116505, "etime": 1761098693116505, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49830, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202507, "etime": 1761098693202507, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50553, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120311, "etime": 1761098693120311, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49929, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133131, "etime": 1761098693133131, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50088, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196080, "etime": 1761098693196080, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50475, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188630, "etime": 1761098693188630, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50383, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212598, "etime": 1761098693212598, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50650, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130217, "etime": 1761098693130217, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50046, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144746, "etime": 1761098693144746, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50141, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189551, "etime": 1761098693189551, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50386, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193034, "etime": 1761098693193034, "src_ip": "10.1.131.158", "dest_ip": "120.253.255.38", "src_port": 50449, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187391, "etime": 1761098693187391, "src_ip": "10.1.131.158", "dest_ip": "223.113.130.85", "src_port": 50373, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150477, "etime": 1761098693150477, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50169, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143833, "etime": 1761098693143833, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50132, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186350, "etime": 1761098693186350, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50371, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693205538, "etime": 1761098693205538, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50554, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:42.127] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:20:42.127] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:42.127] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:43.882] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24888 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.19.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.19.17610986931420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062043Z&X-Amz-Expires=604800&X-Amz-Signature=2f404832b4857d11bd039e3aec1da230c37a996a7ad2dba08922777e63e9f980&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:20:43.882] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:43.882] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:43.882] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:43.882] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:43.882] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:43.883] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:45.106] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.19.17610986931420.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 1, "normal_count": 16, "alert_count": 1, "timestamp": 1765462845106, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693116442, "etime": 1761098693116442, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49870, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693169741, "etime": 1761098693169741, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50254, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207127, "etime": 1761098693207127, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50589, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192199, "etime": 1761098693192199, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50432, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693214186, "etime": 1761098693214186, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50623, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218238, "etime": 1761098693218238, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50651, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177269, "etime": 1761098693177269, "src_ip": "10.1.131.158", "dest_ip": "211.151.19.148", "src_port": 50321, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152277, "etime": 1761098693152277, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50183, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159103, "etime": 1761098693159103, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50222, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693159054, "etime": 1761098693159054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50221, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144731, "etime": 1761098693144731, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50140, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178672, "etime": 1761098693178672, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50345, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188757, "etime": 1761098693188757, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50385, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216140, "etime": 1761098693216140, "src_ip": "10.1.131.158", "dest_ip": "106.13.244.95", "src_port": 50626, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125981, "etime": 1761098693125981, "src_ip": "10.1.131.158", "dest_ip": "39.156.61.248", "src_port": 50006, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124860, "etime": 1761098693124860, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49999, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172509, "etime": 1761098693172509, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50267, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:45.106] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:20:45.106] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:45.106] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:47.055] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25311 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.20.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.20.17610986931420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T062046Z&X-Amz-Signature=a1663cddcf58a607c72cd43c8b4ec432c0fd04a56c8d951615916e63e6932990&X-Amz-Expires=604800"} [2025-12-11 14:20:47.055] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:47.055] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:47.056] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:47.056] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:47.056] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:47.056] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:48.268] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.20.17610986931420.jsonl|result:{"code": 1, "total_count": 17, "abnormal_count": 3, "normal_count": 14, "alert_count": 3, "timestamp": 1765462848267, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693122247, "etime": 1761098693122247, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49970, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207738, "etime": 1761098693207738, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50598, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209477, "etime": 1761098693209477, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50616, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115028, "etime": 1761098693115028, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49773, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693197781, "etime": 1761098693197781, "src_ip": "10.1.131.158", "dest_ip": "124.71.236.98", "src_port": 50400, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133428, "etime": 1761098693133428, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50096, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132982, "etime": 1761098693132982, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50082, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210602, "etime": 1761098693210602, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50622, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199396, "etime": 1761098693199396, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50453, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186190, "etime": 1761098693186190, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50356, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196311, "etime": 1761098693196311, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50378, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693124044, "etime": 1761098693124044, "src_ip": "10.1.131.158", "dest_ip": "183.220.151.49", "src_port": 49991, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143799, "etime": 1761098693143799, "src_ip": "10.1.131.158", "dest_ip": "111.48.172.241", "src_port": 50129, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153979, "etime": 1761098693153979, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50189, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693118154, "etime": 1761098693118154, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49894, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205167, "etime": 1761098693205167, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50555, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176779, "etime": 1761098693176779, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50317, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}]} [2025-12-11 14:20:48.268] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:20:48.268] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:48.268] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:50.206] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26558 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.21.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.21.17610986931420.jsonl?X-Amz-Signature=0a395594f1e150bec20c926560a53f8b0bb3476ea35484c70a577dd5553da975&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062049Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:20:50.206] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:50.206] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:50.206] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:50.206] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:50.206] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:50.207] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:51.626] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.21.17610986931420.jsonl|result:{"code": 0, "total_count": 20, "abnormal_count": 0, "normal_count": 20, "alert_count": 0, "timestamp": 1765462851625, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693154053, "etime": 1761098693154053, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.18", "src_port": 50191, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120559, "etime": 1761098693120559, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49933, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156214, "etime": 1761098693156214, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50211, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116506, "etime": 1761098693116506, "src_ip": "10.1.131.158", "dest_ip": "150.171.27.10", "src_port": 49871, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693176556, "etime": 1761098693176556, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50315, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178866, "etime": 1761098693178866, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50346, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188791, "etime": 1761098693188791, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50389, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179939, "etime": 1761098693179939, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50348, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196465, "etime": 1761098693196465, "src_ip": "10.1.131.158", "dest_ip": "183.234.97.89", "src_port": 50477, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166646, "etime": 1761098693166646, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50233, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209054, "etime": 1761098693209054, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50633, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129635, "etime": 1761098693129635, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50018, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127794, "etime": 1761098693127794, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50014, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119229, "etime": 1761098693119229, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49921, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133981, "etime": 1761098693133981, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50076, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693131137, "etime": 1761098693131137, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50027, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177978, "etime": 1761098693177978, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50330, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189496, "etime": 1761098693189496, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50407, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134248, "etime": 1761098693134248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50086, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205739, "etime": 1761098693205739, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50574, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:51.626] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:20:53.394] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26559 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.2.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.2.17610986931420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=83b67b081a87ad18d95937ff4f951324121ac7d92153dda4710f1385a5e11f65&X-Amz-Date=20251211T062053Z"} [2025-12-11 14:20:53.394] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:53.394] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:53.394] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:53.394] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:53.395] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:53.395] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:55.333] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.2.17610986931420.jsonl|result:{"code": 1, "total_count": 27, "abnormal_count": 2, "normal_count": 25, "alert_count": 2, "timestamp": 1765462855332, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693217097, "etime": 1761098693217097, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50634, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693217595, "etime": 1761098693217595, "src_ip": "10.1.131.158", "dest_ip": "118.89.204.198", "src_port": 50648, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174890, "etime": 1761098693174890, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50287, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693194763, "etime": 1761098693194763, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50459, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693223092, "etime": 1761098693223092, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50658, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693145373, "etime": 1761098693145373, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49995, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182317, "etime": 1761098693182317, "src_ip": "10.1.131.158", "dest_ip": "120.233.185.134", "src_port": 50337, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193095, "etime": 1761098693193095, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50414, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693167404, "etime": 1761098693167404, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50237, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210642, "etime": 1761098693210642, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50570, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693212129, "etime": 1761098693212129, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50580, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198672, "etime": 1761098693198672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50471, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174493, "etime": 1761098693174493, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50278, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693191815, "etime": 1761098693191815, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50402, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188534, "etime": 1761098693188534, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50381, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693202604, "etime": 1761098693202604, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50484, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122847, "etime": 1761098693122847, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49846, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209873, "etime": 1761098693209873, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50528, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693182046, "etime": 1761098693182046, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50328, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190529, "etime": 1761098693190529, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50401, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693175889, "etime": 1761098693175889, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50296, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693121095, "etime": 1761098693121095, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49943, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693214968, "etime": 1761098693214968, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.105", "src_port": 50625, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117266, "etime": 1761098693117266, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49821, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189348, "etime": 1761098693189348, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50398, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152492, "etime": 1761098693152492, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50004, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201106, "etime": 1761098693201106, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50480, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:55.333] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:20:55.333] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:55.333] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:20:56.891] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26560 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.22.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.22.17610986931420.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7247f1a7ee05cbe49681f630ba4fd87d7e94a53830fd5119e999b56f1f655b8e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T062056Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:20:56.891] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:20:56.891] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:20:56.892] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:20:56.892] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:20:56.892] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:20:56.892] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:20:58.369] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.22.17610986931420.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765462858369, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693202862, "etime": 1761098693202862, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50028, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693333578, "etime": 1761098693333578, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50365, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112872, "etime": 1761098693112872, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49854, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693365079, "etime": 1761098693365079, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50662, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693358650, "etime": 1761098693358650, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50585, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336672, "etime": 1761098693336672, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50530, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693201839, "etime": 1761098693201839, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50026, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129607, "etime": 1761098693129607, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.50", "src_port": 49841, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337746, "etime": 1761098693337746, "src_ip": "10.1.131.158", "dest_ip": "111.62.174.243", "src_port": 50545, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693361753, "etime": 1761098693361753, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50612, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693139895, "etime": 1761098693139895, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49925, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693141851, "etime": 1761098693141851, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49944, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693317569, "etime": 1761098693317569, "src_ip": "10.1.131.158", "dest_ip": "111.51.161.66", "src_port": 50123, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334406, "etime": 1761098693334406, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50397, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693298598, "etime": 1761098693298598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50118, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693332137, "etime": 1761098693332137, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50357, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693335291, "etime": 1761098693335291, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50440, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334088, "etime": 1761098693334088, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50368, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:20:58.369] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:20:58.369] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:20:58.370] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:00.733] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26561 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.23.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.23.17610986931420.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251211T062100Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=407b0487c6d26c8ba16727130538032b053fb8ee84427c1c30b55314dae44a2b"} [2025-12-11 14:21:00.733] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:00.733] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:00.733] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:00.733] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:00.733] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:00.734] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:02.287] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.23.17610986931420.jsonl|result:{"code": 1, "total_count": 21, "abnormal_count": 2, "normal_count": 19, "alert_count": 2, "timestamp": 1765462862286, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693144124, "etime": 1761098693144124, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50126, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693492527, "etime": 1761098693492527, "src_ip": "10.1.131.158", "dest_ip": "13.107.246.74", "src_port": 50506, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494901, "etime": 1761098693494901, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50627, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693141938, "etime": 1761098693141938, "src_ip": "10.1.131.158", "dest_ip": "36.150.160.206", "src_port": 50124, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693368415, "etime": 1761098693368415, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50260, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130737, "etime": 1761098693130737, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50064, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693491236, "etime": 1761098693491236, "src_ip": "10.1.131.158", "dest_ip": "111.31.122.55", "src_port": 50498, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130111, "etime": 1761098693130111, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50042, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130291, "etime": 1761098693130291, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50044, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693494657, "etime": 1761098693494657, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50562, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693498612, "etime": 1761098693498612, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50640, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132203, "etime": 1761098693132203, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50073, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693493907, "etime": 1761098693493907, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50514, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134231, "etime": 1761098693134231, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50085, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693490969, "etime": 1761098693490969, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50429, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693379798, "etime": 1761098693379798, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50309, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693152858, "etime": 1761098693152858, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50149, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693153104, "etime": 1761098693153104, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50168, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693487536, "etime": 1761098693487536, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50382, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693496200, "etime": 1761098693496200, "src_ip": "10.1.131.158", "dest_ip": "120.222.152.64", "src_port": 50638, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50037, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:02.287] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:21:02.287] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:02.287] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:03.960] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26562 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.24.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.24.17610986931420.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T062103Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b45d44dc94dc54bf0e6c1465630f23aa9c52f6800d9603ea20e2c2c944067372"} [2025-12-11 14:21:03.960] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:03.960] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:03.960] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:03.960] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:03.960] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:03.961] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:05.276] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.24.17610986931420.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 5, "normal_count": 13, "alert_count": 5, "timestamp": 1765462865275, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693184775, "etime": 1761098693184775, "src_ip": "10.1.131.158", "dest_ip": "221.130.18.174", "src_port": 50363, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693176132, "etime": 1761098693176132, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50229, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173433, "etime": 1761098693173433, "src_ip": "10.1.131.158", "dest_ip": "120.46.68.203", "src_port": 50195, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198598, "etime": 1761098693198598, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50482, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198809, "etime": 1761098693198809, "src_ip": "10.1.131.158", "dest_ip": "120.233.38.119", "src_port": 50495, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208140, "etime": 1761098693208140, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50603, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121515, "etime": 1761098693121515, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.21", "src_port": 49947, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693196586, "etime": 1761098693196586, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50478, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693170337, "etime": 1761098693170337, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50034, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123516, "etime": 1761098693123516, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49985, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693177311, "etime": 1761098693177311, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50281, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208990, "etime": 1761098693208990, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50631, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207352, "etime": 1761098693207352, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50594, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170272, "etime": 1761098693170272, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50031, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693170322, "etime": 1761098693170322, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50033, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693177047, "etime": 1761098693177047, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50259, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693128006, "etime": 1761098693128006, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50011, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693177486, "etime": 1761098693177486, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50319, "dest_port": 9000, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:05.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:21:05.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:05.276] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:07.390] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24889 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.25.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.25.17610986931420.jsonl?X-Amz-Signature=3f930610ee7f49d67382abef8cf32c07725b2ad5044f3a1f6b8e5ed4331e5d14&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062106Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:21:07.390] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:07.390] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:07.390] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:07.390] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:07.390] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:07.391] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:08.721] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.25.17610986931420.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765462868720, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693128143, "etime": 1761098693128143, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50013, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130054, "etime": 1761098693130054, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50038, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130507, "etime": 1761098693130507, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50062, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142420, "etime": 1761098693142420, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50125, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693281130, "etime": 1761098693281130, "src_ip": "10.1.131.158", "dest_ip": "183.240.99.58", "src_port": 50641, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693113859, "etime": 1761098693113859, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.101", "src_port": 49705, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174876, "etime": 1761098693174876, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50258, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188015, "etime": 1761098693188015, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50288, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125207, "etime": 1761098693125207, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 50005, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144088, "etime": 1761098693144088, "src_ip": "10.1.131.158", "dest_ip": "223.111.88.223", "src_port": 50134, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693222350, "etime": 1761098693222350, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50551, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693119106, "etime": 1761098693119106, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49919, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693282540, "etime": 1761098693282540, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50652, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112278, "etime": 1761098693112278, "src_ip": "202.89.233.96", "dest_ip": "10.1.131.158", "src_port": 443, "dest_port": 49847, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190162, "etime": 1761098693190162, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50419, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693221620, "etime": 1761098693221620, "src_ip": "10.1.131.158", "dest_ip": "36.155.160.140", "src_port": 49790, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188866, "etime": 1761098693188866, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50334, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112534, "etime": 1761098693112534, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49742, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:08.721] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:21:08.721] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:08.721] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:10.634] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26563 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.26.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.26.17610986931420.jsonl?X-Amz-Date=20251211T062110Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=87686b19a8e1d06f9d8926455e254a71112780a8fdf170626e5f488f7d543f60&X-Amz-SignedHeaders=host"} [2025-12-11 14:21:10.634] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:10.634] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:10.634] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:10.634] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:10.634] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:10.634] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:12.313] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.26.17610986931420.jsonl|result:{"code": 1, "total_count": 23, "abnormal_count": 5, "normal_count": 18, "alert_count": 5, "timestamp": 1765462872312, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693215188, "etime": 1761098693215188, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50439, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219957, "etime": 1761098693219957, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50521, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199484, "etime": 1761098693199484, "src_ip": "10.1.131.158", "dest_ip": "151.101.1.229", "src_port": 50316, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120476, "etime": 1761098693120476, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 49930, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208035, "etime": 1761098693208035, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50347, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129055, "etime": 1761098693129055, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.134", "src_port": 49954, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693218569, "etime": 1761098693218569, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50463, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198591, "etime": 1761098693198591, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50314, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693136542, "etime": 1761098693136542, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.253", "src_port": 50117, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693218852, "etime": 1761098693218852, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50467, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210159, "etime": 1761098693210159, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 50362, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114644, "etime": 1761098693114644, "src_ip": "10.1.131.158", "dest_ip": "13.225.117.53", "src_port": 49845, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693219760, "etime": 1761098693219760, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50512, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211123, "etime": 1761098693211123, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50375, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118410, "etime": 1761098693118410, "src_ip": "10.1.131.158", "dest_ip": "111.13.29.202", "src_port": 49897, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693131369, "etime": 1761098693131369, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49986, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693188486, "etime": 1761098693188486, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50230, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209113, "etime": 1761098693209113, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.9", "src_port": 50353, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207769, "etime": 1761098693207769, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50322, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693216679, "etime": 1761098693216679, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50445, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220218, "etime": 1761098693220218, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50593, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693201739, "etime": 1761098693201739, "src_ip": "10.1.131.158", "dest_ip": "43.140.12.43", "src_port": 50318, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693133220, "etime": 1761098693133220, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50040, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:12.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 5|max_alert: 1000 [2025-12-11 14:21:12.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:12.313] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:13.851] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26564 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.3.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.3.17610986931420.jsonl?X-Amz-Signature=fe08b250ca0335370875bfef5bfb00d731b38851601f372bda136314b49d7471&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062113Z&X-Amz-SignedHeaders=host"} [2025-12-11 14:21:13.851] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:13.851] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:13.851] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:13.851] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:13.851] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:13.851] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:16.118] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.3.17610986931420.jsonl|result:{"code": 1, "total_count": 31, "abnormal_count": 4, "normal_count": 27, "alert_count": 4, "timestamp": 1765462876117, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693134927, "etime": 1761098693134927, "src_ip": "10.1.131.158", "dest_ip": "124.70.62.170", "src_port": 50093, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693218453, "etime": 1761098693218453, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50630, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693206339, "etime": 1761098693206339, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50399, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114449, "etime": 1761098693114449, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 49824, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121195, "etime": 1761098693121195, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49922, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693220454, "etime": 1761098693220454, "src_ip": "10.1.131.158", "dest_ip": "111.13.104.59", "src_port": 50639, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134473, "etime": 1761098693134473, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50032, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206072, "etime": 1761098693206072, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50390, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693146144, "etime": 1761098693146144, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 50143, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693213292, "etime": 1761098693213292, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50579, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693164829, "etime": 1761098693164829, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50231, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207961, "etime": 1761098693207961, "src_ip": "10.1.131.158", "dest_ip": "120.253.253.233", "src_port": 50436, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130462, "etime": 1761098693130462, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50020, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123408, "etime": 1761098693123408, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49982, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693129345, "etime": 1761098693129345, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49987, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693211595, "etime": 1761098693211595, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50560, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143901, "etime": 1761098693143901, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50131, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119035, "etime": 1761098693119035, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.92", "src_port": 49915, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693198165, "etime": 1761098693198165, "src_ip": "10.1.131.158", "dest_ip": "183.194.189.11", "src_port": 50307, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114566, "etime": 1761098693114566, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49839, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693208532, "etime": 1761098693208532, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.68", "src_port": 50437, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143729, "etime": 1761098693143729, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50128, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693211131, "etime": 1761098693211131, "src_ip": "10.1.131.158", "dest_ip": "111.31.114.80", "src_port": 50473, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206376, "etime": 1761098693206376, "src_ip": "10.1.131.158", "dest_ip": "120.226.165.120", "src_port": 50423, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192952, "etime": 1761098693192952, "src_ip": "10.1.131.158", "dest_ip": "120.226.166.151", "src_port": 50286, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693212113, "etime": 1761098693212113, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50573, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693118378, "etime": 1761098693118378, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49890, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693124349, "etime": 1761098693124349, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 49983, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693134557, "etime": 1761098693134557, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50041, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210251, "etime": 1761098693210251, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50468, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117914, "etime": 1761098693117914, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49889, "dest_port": 80, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:16.118] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 14:21:16.118] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:16.118] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:16.980] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26565 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.4.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.4.17610986931420.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062116Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=a8f2ec1dae90dfa68b9f7c541308c4d37d3e1a1b2ed057b367b9dea21d446f7b"} [2025-12-11 14:21:16.980] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:16.980] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:16.980] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:16.980] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:16.980] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:16.981] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:18.144] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.4.17610986931420.jsonl|result:{"code": 0, "total_count": 16, "abnormal_count": 0, "normal_count": 16, "alert_count": 0, "timestamp": 1765462878143, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1761098693207747, "etime": 1761098693207747, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50599, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210082, "etime": 1761098693210082, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50653, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693173174, "etime": 1761098693173174, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50271, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178417, "etime": 1761098693178417, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.25", "src_port": 50340, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115249, "etime": 1761098693115249, "src_ip": "10.1.131.158", "dest_ip": "142.250.66.78", "src_port": 49761, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189883, "etime": 1761098693189883, "src_ip": "10.1.131.158", "dest_ip": "104.18.38.233", "src_port": 49696, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693121371, "etime": 1761098693121371, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.2", "src_port": 49815, "dest_port": 8080, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195198, "etime": 1761098693195198, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50428, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125381, "etime": 1761098693125381, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50007, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210893, "etime": 1761098693210893, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50664, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195507, "etime": 1761098693195507, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50461, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693209439, "etime": 1761098693209439, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50642, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693130089, "etime": 1761098693130089, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50039, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150490, "etime": 1761098693150490, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50170, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114224, "etime": 1761098693114224, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49860, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693172508, "etime": 1761098693172508, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50268, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:18.144] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:21:20.493] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24890 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.5.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.5.17610986931420.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T062120Z&X-Amz-Signature=5c225be6af0b3d876381ef8b1787bef23f559397af4ddf5a613156675bbb20a5&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:21:20.493] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:20.493] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:20.493] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:20.493] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:20.493] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:20.494] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:21.909] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.5.17610986931420.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 4, "normal_count": 15, "alert_count": 4, "timestamp": 1765462881909, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693194249, "etime": 1761098693194249, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50119, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693114514, "etime": 1761098693114514, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 49726, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693126288, "etime": 1761098693126288, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49924, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693345537, "etime": 1761098693345537, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50624, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336912, "etime": 1761098693336912, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50333, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125741, "etime": 1761098693125741, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 49902, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693336860, "etime": 1761098693336860, "src_ip": "10.1.131.158", "dest_ip": "10.1.4.74", "src_port": 50320, "dest_port": 9000, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342476, "etime": 1761098693342476, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50549, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342536, "etime": 1761098693342536, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50564, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693346638, "etime": 1761098693346638, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50654, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693334141, "etime": 1761098693334141, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50242, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693116216, "etime": 1761098693116216, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49867, "dest_port": 443, "protocol": "tls", "result": "Godzilla"}, {"stime": 1761098693129976, "etime": 1761098693129976, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50030, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693196609, "etime": 1761098693196609, "src_ip": "10.1.131.158", "dest_ip": "36.158.247.186", "src_port": 50121, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693314431, "etime": 1761098693314431, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50171, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693337799, "etime": 1761098693337799, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50422, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342234, "etime": 1761098693342234, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50541, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693342839, "etime": 1761098693342839, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50587, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693256582, "etime": 1761098693256582, "src_ip": "10.1.131.158", "dest_ip": "120.46.72.204", "src_port": 50136, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 14:21:21.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 4|max_alert: 1000 [2025-12-11 14:21:21.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:21.910] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:23.633] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24891 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.6.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.6.17610986931420.jsonl?X-Amz-Signature=dec6344ce65cb52802bb180daff70b9fe42889123d190fbbe16fb6a2e6fb5ffa&X-Amz-Date=20251211T062123Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 14:21:23.634] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:23.634] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:23.634] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:23.634] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:23.634] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:23.635] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:24.619] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.6.17610986931420.jsonl|result:{"code": 1, "total_count": 13, "abnormal_count": 2, "normal_count": 11, "alert_count": 2, "timestamp": 1765462884618, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693198187, "etime": 1761098693198187, "src_ip": "10.1.131.158", "dest_ip": "121.36.68.44", "src_port": 50504, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193190, "etime": 1761098693193190, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50450, "dest_port": 443, "protocol": "tls", "result": "Antsword"}, {"stime": 1761098693117578, "etime": 1761098693117578, "src_ip": "10.1.131.158", "dest_ip": "13.89.179.10", "src_port": 49883, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189721, "etime": 1761098693189721, "src_ip": "10.1.131.158", "dest_ip": "111.31.102.211", "src_port": 50413, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195245, "etime": 1761098693195245, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50465, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693118778, "etime": 1761098693118778, "src_ip": "10.1.131.158", "dest_ip": "23.57.94.38", "src_port": 49892, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125021, "etime": 1761098693125021, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 50003, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693178297, "etime": 1761098693178297, "src_ip": "10.1.131.158", "dest_ip": "36.156.39.91", "src_port": 50339, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693123809, "etime": 1761098693123809, "src_ip": "10.1.131.158", "dest_ip": "23.2.16.16", "src_port": 49975, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693199636, "etime": 1761098693199636, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50515, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693120009, "etime": 1761098693120009, "src_ip": "10.1.131.158", "dest_ip": "111.13.28.239", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693187217, "etime": 1761098693187217, "src_ip": "10.1.131.158", "dest_ip": "139.9.117.192", "src_port": 50372, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189115, "etime": 1761098693189115, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50391, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:24.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:21:24.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:24.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:26.849] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25312 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.7.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.7.17610986931420.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=1ff9d2de7e3c4c2dc2ac0a8dba39c0c8781554f15547dfc925d3e9b938bae4a0&X-Amz-Expires=604800&X-Amz-Date=20251211T062126Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:21:26.849] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:26.849] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:26.849] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:26.849] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:26.849] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:26.849] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:28.180] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.7.17610986931420.jsonl|result:{"code": 1, "total_count": 18, "abnormal_count": 3, "normal_count": 15, "alert_count": 3, "timestamp": 1765462888179, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693165424, "etime": 1761098693165424, "src_ip": "10.1.131.158", "dest_ip": "183.240.8.132", "src_port": 50227, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693206187, "etime": 1761098693206187, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50581, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693112384, "etime": 1761098693112384, "src_ip": "10.1.131.158", "dest_ip": "111.4.224.113", "src_port": 49849, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693163114, "etime": 1761098693163114, "src_ip": "10.1.131.158", "dest_ip": "120.241.86.254", "src_port": 50199, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693150585, "etime": 1761098693150585, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 50172, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143821, "etime": 1761098693143821, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50116, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693132877, "etime": 1761098693132877, "src_ip": "10.1.131.158", "dest_ip": "117.185.125.188", "src_port": 49872, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693138990, "etime": 1761098693138990, "src_ip": "10.1.131.158", "dest_ip": "120.240.51.80", "src_port": 50010, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193163, "etime": 1761098693193163, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50441, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140698, "etime": 1761098693140698, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50083, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210852, "etime": 1761098693210852, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50663, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189679, "etime": 1761098693189679, "src_ip": "10.1.131.158", "dest_ip": "112.34.111.235", "src_port": 50411, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693134597, "etime": 1761098693134597, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49885, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693180826, "etime": 1761098693180826, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50270, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693140979, "etime": 1761098693140979, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.27", "src_port": 50100, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693148161, "etime": 1761098693148161, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50156, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693169940, "etime": 1761098693169940, "src_ip": "10.1.131.158", "dest_ip": "223.111.194.233", "src_port": 50255, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693135950, "etime": 1761098693135950, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49994, "dest_port": 443, "protocol": "tls", "result": "Behinder"}]} [2025-12-11 14:21:28.180] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 3|max_alert: 1000 [2025-12-11 14:21:28.180] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:28.180] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:30.045] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26566 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.8.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.8.17610986931420.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=bf6a70a8a94b8ce9acd80e6d0b5115eb6ee275408b6e1ff4594c2dd4443c97cc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062129Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 14:21:30.046] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:30.046] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:30.046] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:30.046] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:30.046] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:30.046] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:31.420] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.8.17610986931420.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 1, "normal_count": 18, "alert_count": 1, "timestamp": 1765462891419, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693117974, "etime": 1761098693117974, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49891, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693144557, "etime": 1761098693144557, "src_ip": "10.1.131.158", "dest_ip": "121.36.47.3", "src_port": 50015, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189549, "etime": 1761098693189549, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50408, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693122721, "etime": 1761098693122721, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49923, "dest_port": 443, "protocol": "tls", "result": "CobaltStrike"}, {"stime": 1761098693212821, "etime": 1761098693212821, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50661, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693142490, "etime": 1761098693142490, "src_ip": "10.1.131.158", "dest_ip": "111.63.215.47", "src_port": 49980, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158511, "etime": 1761098693158511, "src_ip": "10.1.131.158", "dest_ip": "172.16.92.3", "src_port": 50184, "dest_port": 37527, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693115316, "etime": 1761098693115316, "src_ip": "10.1.131.158", "dest_ip": "202.89.233.96", "src_port": 49865, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693190893, "etime": 1761098693190893, "src_ip": "10.1.131.158", "dest_ip": "183.201.232.63", "src_port": 50420, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693158270, "etime": 1761098693158270, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50127, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693143473, "etime": 1761098693143473, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49997, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693161170, "etime": 1761098693161170, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50223, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207287, "etime": 1761098693207287, "src_ip": "10.1.131.158", "dest_ip": "36.131.128.241", "src_port": 50591, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693186028, "etime": 1761098693186028, "src_ip": "10.1.131.158", "dest_ip": "40.74.78.229", "src_port": 50370, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693210048, "etime": 1761098693210048, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50649, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693119175, "etime": 1761098693119175, "src_ip": "10.1.131.158", "dest_ip": "120.232.40.133", "src_port": 49920, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693205281, "etime": 1761098693205281, "src_ip": "10.1.131.158", "dest_ip": "36.131.139.241", "src_port": 50556, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693156358, "etime": 1761098693156358, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50077, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693188767, "etime": 1761098693188767, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50388, "dest_port": 53, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:31.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 1|max_alert: 1000 [2025-12-11 14:21:31.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:31.420] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:33.236] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25313 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.9.17610986931420.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.9.17610986931420.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=619547047014c7d74b5480d7df67a63eccd158e7f8264908d98497ba91c19cf7&X-Amz-Expires=604800&X-Amz-Date=20251211T062132Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:21:33.236] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:33.237] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:33.237] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:33.237] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:33.237] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:33.237] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:34.619] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.9.17610986931420.jsonl|result:{"code": 1, "total_count": 19, "abnormal_count": 2, "normal_count": 17, "alert_count": 2, "timestamp": 1765462894618, "module": "anquanchu", "alerted": true, "proto": "tls", "details": [{"stime": 1761098693126301, "etime": 1761098693126301, "src_ip": "10.1.131.158", "dest_ip": "120.240.80.41", "src_port": 49928, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693135836, "etime": 1761098693135836, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50047, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189167, "etime": 1761098693189167, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50387, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693189365, "etime": 1761098693189365, "src_ip": "10.1.131.158", "dest_ip": "111.29.14.183", "src_port": 50403, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693117015, "etime": 1761098693117015, "src_ip": "10.1.131.158", "dest_ip": "112.2.102.140", "src_port": 49880, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693208248, "etime": 1761098693208248, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50582, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207340, "etime": 1761098693207340, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50577, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693193933, "etime": 1761098693193933, "src_ip": "10.1.131.158", "dest_ip": "117.163.59.175", "src_port": 50443, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693179622, "etime": 1761098693179622, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50323, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693125601, "etime": 1761098693125601, "src_ip": "10.1.131.158", "dest_ip": "23.219.73.130", "src_port": 49895, "dest_port": 80, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693192265, "etime": 1761098693192265, "src_ip": "10.1.131.158", "dest_ip": "150.171.30.11", "src_port": 50434, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693166653, "etime": 1761098693166653, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50234, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693136743, "etime": 1761098693136743, "src_ip": "10.1.131.158", "dest_ip": "124.71.234.74", "src_port": 50079, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693195403, "etime": 1761098693195403, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.45", "src_port": 50444, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693207139, "etime": 1761098693207139, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50571, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693157711, "etime": 1761098693157711, "src_ip": "10.1.131.158", "dest_ip": "157.148.32.174", "src_port": 50216, "dest_port": 8106, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693174411, "etime": 1761098693174411, "src_ip": "10.1.131.158", "dest_ip": "10.1.9.17", "src_port": 50279, "dest_port": 53, "protocol": "tls", "result": "Normal"}, {"stime": 1761098693127466, "etime": 1761098693127466, "src_ip": "10.1.131.158", "dest_ip": "120.233.3.26", "src_port": 49993, "dest_port": 443, "protocol": "tls", "result": "Behinder"}, {"stime": 1761098693205083, "etime": 1761098693205083, "src_ip": "10.1.131.158", "dest_ip": "39.156.8.100", "src_port": 50552, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:34.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 2|max_alert: 1000 [2025-12-11 14:21:34.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:296) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-11 14:21:34.619] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:308) 上报kafka. [2025-12-11 14:21:36.338] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25314 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.12.1765433596.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.12.1765433596.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=77fdad0cf929e2c49cac3c2ea604e2ca4b1654b808e6f6b1983ceb16db3397db&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062135Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:21:36.338] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:36.338] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:36.338] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:36.338] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:36.338] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:36.339] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:36.426] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.12.1765433596.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462896425, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434008887042, "etime": 1765434008887042, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49822, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:36.426] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:21:39.439] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24892 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.11.1765433987.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.11.1765433987.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=fe56d4a6a77901aa767483f29a7eadfce02e3989ddafd9a332dbfffbdd124930&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062139Z"} [2025-12-11 14:21:39.439] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:39.439] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:39.439] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:39.439] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:39.439] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:39.440] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:39.642] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.11.1765433987.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765462899642, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434018935228, "etime": 1765434018935228, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49824, "protocol": "tls", "result": "Normal"}, {"stime": 1765433987302061, "etime": 1765433987302061, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49820, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:39.642] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:21:42.542] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26567 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.26.1765433545.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.26.1765433545.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062142Z&X-Amz-Signature=feb4a15c6f1a8e11923e490c1800b2aacd2f3c6c07c3b7c3c5359ded1b08a37f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:21:42.542] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:42.542] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:42.543] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:42.543] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:42.543] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:42.543] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:42.731] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.26.1765433545.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765462902730, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434030811926, "etime": 1765434030811926, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49825, "protocol": "tls", "result": "Normal"}, {"stime": 1765434042983412, "etime": 1765434042983412, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49826, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:42.731] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:21:45.644] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25315 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.6.1765433547.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.6.1765433547.jsonl?X-Amz-Signature=8713725db813c461f485e016b8cb39abd13d0291e7edba875a085487453b3e8e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062145Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:21:45.644] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:45.644] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:45.644] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:45.644] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:45.644] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:45.645] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:45.753] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.6.1765433547.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462905753, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434068942768, "etime": 1765434068942768, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49828, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:45.753] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:21:53.292] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25316 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.14.1765433572.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.14.1765433572.jsonl?X-Amz-Date=20251211T062152Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=66fa0dbfc9bc691dc8c0317b974e7031a62fcfe090e3ea1f8b8bc7aa39bae43a"} [2025-12-11 14:21:53.292] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:21:53.292] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:21:53.292] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:21:53.292] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:21:53.292] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:21:53.293] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:21:53.422] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.14.1765433572.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462913421, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434104810333, "etime": 1765434104810333, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49831, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:21:53.422] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:22:39.545] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26568 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.2.1765433571.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.2.1765433571.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=edb54e759b06ded9d9cd6dc831f8e39f2d3e8a5861df890cea6375380361a978&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T062239Z"} [2025-12-11 14:22:39.546] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:22:39.546] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:22:39.546] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:22:39.546] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:22:39.546] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:22:39.547] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:22:39.682] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.2.1765433571.jsonl|result:{"code": 0, "total_count": 1, "abnormal_count": 0, "normal_count": 1, "alert_count": 0, "timestamp": 1765462959681, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434126737454, "etime": 1765434126737454, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49835, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:22:39.682] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:26:52.065] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25317 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.24.1765433571.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.24.1765433571.jsonl?X-Amz-Date=20251211T062651Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=41c4a79f00b77ba6271f4bc4ca353da8787b04a873df4167cba040b27cd88392&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:26:52.065] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:26:52.065] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:26:52.065] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:26:52.065] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:26:52.065] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:26:52.066] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:26:52.264] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.24.1765433571.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765463212264, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434377671176, "etime": 1765434377671176, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49883, "protocol": "tls", "result": "Normal"}, {"stime": 1765434279137478, "etime": 1765434279137478, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49843, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:26:52.264] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:27:04.565] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25318 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.25.1765433661.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.25.1765433661.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062704Z&X-Amz-Expires=604800&X-Amz-Signature=450146d582a0ade0975a335717f7a30c5528d37e2fe8a84a7f488b2abada18e3"} [2025-12-11 14:27:04.565] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:27:04.565] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:27:04.565] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:27:04.565] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:27:04.565] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:27:04.566] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:27:04.767] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.25.1765433661.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765463224767, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434243441428, "etime": 1765434243441428, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49834, "protocol": "tls", "result": "Normal"}, {"stime": 1765434391110526, "etime": 1765434391110526, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49887, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:27:04.768] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:27:43.318] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25319 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.10.1765434404.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.10.1765434404.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062742Z&X-Amz-Expires=604800&X-Amz-Signature=a3f7b3e86c3ce6375fb2072b6ac37c8f4088994a86546b77f17d069c573295e0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 14:27:43.318] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:27:43.318] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:27:43.318] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:27:43.318] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:27:43.318] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:27:43.319] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:27:43.528] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.10.1765434404.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765463263527, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434454431426, "etime": 1765434454431426, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49899, "protocol": "tls", "result": "Normal"}, {"stime": 1765434404527688, "etime": 1765434404527688, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49892, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:27:43.528] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:19.320] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26569 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.13.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.13.1765434550.jsonl?X-Amz-Date=20251211T062918Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d6a6257664a8e6898a4a1b9339d3efda7b15a19ef262461ba5ff95406024186b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:29:19.320] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:19.320] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:19.320] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:19.320] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:19.320] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:19.321] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:20.019] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.13.1765434550.jsonl|result:{"code": 0, "total_count": 9, "abnormal_count": 0, "normal_count": 9, "alert_count": 0, "timestamp": 1765463360018, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551154924, "etime": 1765434551154924, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26930, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907389, "etime": 1765434550907389, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49881, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551146472, "etime": 1765434551146472, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49289, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551147883, "etime": 1765434551147883, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49303, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551142074, "etime": 1765434551142074, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49265, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551153536, "etime": 1765434551153536, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26924, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551156323, "etime": 1765434551156323, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26945, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551143645, "etime": 1765434551143645, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49277, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551144976, "etime": 1765434551144976, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49278, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:20.019] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:22.427] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25320 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.18.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.18.1765434550.jsonl?X-Amz-Signature=75055a765e8d15c500907f33e3ebed1de012873b2f60e3a6ef25ca7d7abcb75c&X-Amz-Date=20251211T062922Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:29:22.428] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:22.428] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:22.428] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:22.428] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:22.428] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:22.429] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:23.178] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.18.1765434550.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765463363177, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550905706, "etime": 1765434550905706, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49821, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551146608, "etime": 1765434551146608, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49306, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551047656, "etime": 1765434551047656, "src_ip": "116.117.158.78", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2070, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551158421, "etime": 1765434551158421, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26940, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551157004, "etime": 1765434551157004, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26904, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551159799, "etime": 1765434551159799, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26943, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551145160, "etime": 1765434551145160, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49305, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551148069, "etime": 1765434551148069, "src_ip": "123.125.34.45", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 50415, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551048504, "etime": 1765434551048504, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2066, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550999463, "etime": 1765434550999463, "src_ip": "27.221.30.148", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 1124, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:23.178] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:25.530] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25321 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.6.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.6.1765434550.jsonl?X-Amz-Signature=2c695ec691967f5d6adf256d637e884d80f2f736861a6db1178a6dc35ad35cb9&X-Amz-Date=20251211T062925Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 14:29:25.530] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:25.530] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:25.530] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:25.531] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:25.531] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:25.531] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:25.766] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.6.1765434550.jsonl|result:{"code": 0, "total_count": 3, "abnormal_count": 0, "normal_count": 3, "alert_count": 0, "timestamp": 1765463365766, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551154834, "etime": 1765434551154834, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26909, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550993097, "etime": 1765434550993097, "src_ip": "27.221.30.148", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 1033, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550906083, "etime": 1765434550906083, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49828, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:25.766] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:28.633] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26570 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.26.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.26.1765434550.jsonl?X-Amz-Date=20251211T062928Z&X-Amz-Signature=ac48126e6e32935b0c0f366d07269d37bdf88c155b5221a053fda0c7bac48d44&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-11 14:29:28.633] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:28.633] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:28.633] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:28.633] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:28.633] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:28.634] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:29.319] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.26.1765434550.jsonl|result:{"code": 0, "total_count": 9, "abnormal_count": 0, "normal_count": 9, "alert_count": 0, "timestamp": 1765463369318, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550908986, "etime": 1765434550908986, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49868, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551141393, "etime": 1765434551141393, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49261, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551152812, "etime": 1765434551152812, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26914, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551047539, "etime": 1765434551047539, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2068, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550905900, "etime": 1765434550905900, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49825, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550993174, "etime": 1765434550993174, "src_ip": "220.194.72.29", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49764, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907464, "etime": 1765434550907464, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49826, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551142872, "etime": 1765434551142872, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49287, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550994634, "etime": 1765434550994634, "src_ip": "123.125.16.229", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49769, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:29.319] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:31.743] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26571 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.7.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.7.1765434550.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=031df4a10f5ba4a86a16b07e2bb06964f8a88d8536624c83b28edf7c65563adf&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062931Z"} [2025-12-11 14:29:31.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:31.743] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:31.743] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:31.743] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:31.743] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:31.743] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:32.276] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.7.1765434550.jsonl|result:{"code": 0, "total_count": 7, "abnormal_count": 0, "normal_count": 7, "alert_count": 0, "timestamp": 1765463372276, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550911967, "etime": 1765434550911967, "src_ip": "192.168.61.142", "dest_ip": "175.24.252.168", "src_port": 49836, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550912195, "etime": 1765434550912195, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49905, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551050435, "etime": 1765434551050435, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2059, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551143088, "etime": 1765434551143088, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49275, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551157558, "etime": 1765434551157558, "src_ip": "119.188.123.171", "dest_ip": "192.168.253.128", "src_port": 443, "dest_port": 9532, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550913500, "etime": 1765434550913500, "src_ip": "47.99.189.149", "dest_ip": "192.168.9.236", "src_port": 443, "dest_port": 49942, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550910583, "etime": 1765434550910583, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49793, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:32.277] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:34.847] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25322 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.22.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.22.1765434550.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062934Z&X-Amz-Signature=75821512b4c57625ca78950493e69ff8b5911d11ca6b52b4eb7a6b86f8862b50&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:29:34.847] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:34.847] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:34.848] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:34.848] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:34.848] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:34.854] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:35.525] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.22.1765434550.jsonl|result:{"code": 0, "total_count": 9, "abnormal_count": 0, "normal_count": 9, "alert_count": 0, "timestamp": 1765463375524, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550912545, "etime": 1765434550912545, "src_ip": "192.168.85.128", "dest_ip": "179.43.151.13", "src_port": 49901, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550908218, "etime": 1765434550908218, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49777, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551143872, "etime": 1765434551143872, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49288, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551152748, "etime": 1765434551152748, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26916, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551154127, "etime": 1765434551154127, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26925, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551142454, "etime": 1765434551142454, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49281, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551056431, "etime": 1765434551056431, "src_ip": "116.117.158.42", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2103, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550911265, "etime": 1765434550911265, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49880, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550909746, "etime": 1765434550909746, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49826, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:35.525] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:37.952] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25323 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.2.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.2.1765434550.jsonl?X-Amz-Date=20251211T062937Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=bd07c37eb382bb96fe3403d682a84c6dc8bc439ccb8040bc07f2fa7b2928da50&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:29:37.952] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:37.952] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:37.952] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:37.952] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:37.952] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:37.953] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:39.011] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.2.1765434550.jsonl|result:{"code": 0, "total_count": 14, "abnormal_count": 0, "normal_count": 14, "alert_count": 0, "timestamp": 1765463379010, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550907987, "etime": 1765434550907987, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49831, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551144503, "etime": 1765434551144503, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49274, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551147428, "etime": 1765434551147428, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49291, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551161769, "etime": 1765434551161769, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26928, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551146027, "etime": 1765434551146027, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49284, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550909208, "etime": 1765434550909208, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49832, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550906413, "etime": 1765434550906413, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49835, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551150422, "etime": 1765434551150422, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49301, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551160300, "etime": 1765434551160300, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26926, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551158721, "etime": 1765434551158721, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26920, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550989846, "etime": 1765434550989846, "src_ip": "20.190.144.165", "dest_ip": "192.168.253.132", "src_port": 443, "dest_port": 49762, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551157280, "etime": 1765434551157280, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26913, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551143094, "etime": 1765434551143094, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49267, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551148828, "etime": 1765434551148828, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49293, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:39.011] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:41.057] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24893 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.24.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.24.1765434550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e268dc471205b1f3a291f15da146a7697f90dcb3070c9098e85a7b139e232aa&X-Amz-Date=20251211T062940Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-11 14:29:41.057] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:41.057] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:41.057] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:41.057] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:41.057] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:41.058] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:41.520] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.24.1765434550.jsonl|result:{"code": 0, "total_count": 6, "abnormal_count": 0, "normal_count": 6, "alert_count": 0, "timestamp": 1765463381519, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551143685, "etime": 1765434551143685, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49302, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551106338, "etime": 1765434551106338, "src_ip": "27.221.30.148", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2441, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907065, "etime": 1765434550907065, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49843, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550908497, "etime": 1765434550908497, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49883, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551153551, "etime": 1765434551153551, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26931, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551142185, "etime": 1765434551142185, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49276, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:41.520] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:44.159] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25324 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.16.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.16.1765434550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062943Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=23eeb6b054ed35c364ccf05e3a59438a6a0c0ed630c59f5d431e9dcc126c74f0&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:29:44.159] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:44.159] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:44.160] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:44.160] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:44.160] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:44.160] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:44.760] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.16.1765434550.jsonl|result:{"code": 0, "total_count": 8, "abnormal_count": 0, "normal_count": 8, "alert_count": 0, "timestamp": 1765463384759, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550908339, "etime": 1765434550908339, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49837, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550905565, "etime": 1765434550905565, "src_ip": "184.50.36.66", "dest_ip": "192.168.83.128", "src_port": 443, "dest_port": 49800, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551154461, "etime": 1765434551154461, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26933, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551160165, "etime": 1765434551160165, "src_ip": "151.101.110.217", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 1760, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551143464, "etime": 1765434551143464, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49294, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551144809, "etime": 1765434551144809, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49296, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551153045, "etime": 1765434551153045, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26923, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551146336, "etime": 1765434551146336, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49315, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:44.760] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:47.262] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26572 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.14.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.14.1765434550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e82d5d24eba7a350864ec4f377f0e4286e24bb7394ce56317623231934c5bb41&X-Amz-Date=20251211T062946Z&X-Amz-Expires=604800"} [2025-12-11 14:29:47.262] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:47.262] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:47.262] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:47.263] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:47.263] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:47.263] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:48.012] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.14.1765434550.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765463388011, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550983812, "etime": 1765434550983812, "src_ip": "123.57.128.56", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49744, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551145721, "etime": 1765434551145721, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49279, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551142854, "etime": 1765434551142854, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49264, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551147305, "etime": 1765434551147305, "src_ip": "121.18.168.77", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 50421, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907740, "etime": 1765434550907740, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49828, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551141433, "etime": 1765434551141433, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49262, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551144245, "etime": 1765434551144245, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49270, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550906227, "etime": 1765434550906227, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49831, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551048063, "etime": 1765434551048063, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2065, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551032006, "etime": 1765434551032006, "src_ip": "27.221.30.148", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 1693, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:48.012] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:50.367] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25325 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.15.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.15.1765434550.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ef7b23ef2b7f11a5e01ee34c2ba78e1f82be91fd90bd81308d24d9ca5d841f7c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251211T062949Z"} [2025-12-11 14:29:50.367] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:50.367] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:50.367] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:50.367] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:50.367] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:50.368] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:51.044] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.15.1765434550.jsonl|result:{"code": 0, "total_count": 9, "abnormal_count": 0, "normal_count": 9, "alert_count": 0, "timestamp": 1765463391043, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551147358, "etime": 1765434551147358, "src_ip": "123.125.34.45", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 50422, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551153624, "etime": 1765434551153624, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26917, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551155000, "etime": 1765434551155000, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26918, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550906028, "etime": 1765434550906028, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49786, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551141497, "etime": 1765434551141497, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49263, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551145850, "etime": 1765434551145850, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49283, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551142916, "etime": 1765434551142916, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49271, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551144423, "etime": 1765434551144423, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49280, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907711, "etime": 1765434550907711, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49872, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:51.044] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:53.472] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24894 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.12.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.12.1765434550.jsonl?X-Amz-Date=20251211T062953Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=76c0b180bd1f2df759351f0a3649a14570ebd48a3d0b4ff40b2377422fe0310f&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-11 14:29:53.473] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:53.473] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:53.473] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:53.473] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:53.473] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:53.473] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:54.086] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.12.1765434550.jsonl|result:{"code": 0, "total_count": 8, "abnormal_count": 0, "normal_count": 8, "alert_count": 0, "timestamp": 1765463394085, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551142517, "etime": 1765434551142517, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49282, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551153757, "etime": 1765434551153757, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26903, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550993146, "etime": 1765434550993146, "src_ip": "218.68.58.29", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49755, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551144186, "etime": 1765434551144186, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49311, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551156122, "etime": 1765434551156122, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26938, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907373, "etime": 1765434550907373, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49871, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550905774, "etime": 1765434550905774, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49822, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550991712, "etime": 1765434550991712, "src_ip": "218.68.58.29", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49752, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:54.086] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:56.585] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26573 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.8.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.8.1765434550.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=fced0db856f8b6c07f801d157d6d9006ea63b451de3f7807be0b8c7a8beba4aa&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T062956Z"} [2025-12-11 14:29:56.586] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:56.586] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:56.586] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:56.586] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:56.586] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:56.586] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:29:57.115] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.8.1765434550.jsonl|result:{"code": 0, "total_count": 7, "abnormal_count": 0, "normal_count": 7, "alert_count": 0, "timestamp": 1765463397114, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551049021, "etime": 1765434551049021, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2060, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551143306, "etime": 1765434551143306, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49269, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550906682, "etime": 1765434550906682, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49795, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550908225, "etime": 1765434550908225, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49810, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550902302, "etime": 1765434550902302, "src_ip": "116.130.184.97", "dest_ip": "192.168.83.128", "src_port": 443, "dest_port": 49766, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550909778, "etime": 1765434550909778, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49874, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551141847, "etime": 1765434551141847, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49259, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:29:57.115] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:29:59.688] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25326 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.4.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.4.1765434550.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c398e37299f39eaa89094bc7f7c23f8153e5a4a7a0687f7ddcffeadb6af7e9c7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T062959Z"} [2025-12-11 14:29:59.689] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:29:59.689] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:29:59.689] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:29:59.689] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:29:59.689] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:29:59.690] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:30:00.478] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.4.1765434550.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765463400477, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434551145789, "etime": 1765434551145789, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49273, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907883, "etime": 1765434550907883, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49904, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550902302, "etime": 1765434550902302, "src_ip": "116.130.184.97", "dest_ip": "192.168.83.128", "src_port": 443, "dest_port": 49769, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551160503, "etime": 1765434551160503, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26907, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551147311, "etime": 1765434551147311, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49299, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551151689, "etime": 1765434551151689, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49318, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551150262, "etime": 1765434551150262, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49312, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551163337, "etime": 1765434551163337, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26937, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551148677, "etime": 1765434551148677, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49308, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551161896, "etime": 1765434551161896, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26934, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:30:00.478] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:30:02.800] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25327 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.20.1765434550.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.20.1765434550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251211T063002Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=0d96bd4edfb84e6596546257411c88b46fe6e4e328d5e51c1cbbe4876f00dc00"} [2025-12-11 14:30:02.800] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:30:02.800] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:30:02.800] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:30:02.800] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:30:02.800] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:30:02.801] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:30:03.189] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.20.1765434550.jsonl|result:{"code": 0, "total_count": 5, "abnormal_count": 0, "normal_count": 5, "alert_count": 0, "timestamp": 1765463403188, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765434550992127, "etime": 1765434550992127, "src_ip": "220.194.72.29", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49768, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550983960, "etime": 1765434550983960, "src_ip": "101.200.228.27", "dest_ip": "192.168.253.132", "src_port": 443, "dest_port": 49761, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550990068, "etime": 1765434550990068, "src_ip": "104.79.45.102", "dest_ip": "192.168.253.132", "src_port": 443, "dest_port": 49763, "protocol": "tls", "result": "Normal"}, {"stime": 1765434551049552, "etime": 1765434551049552, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2057, "protocol": "tls", "result": "Normal"}, {"stime": 1765434550907066, "etime": 1765434550907066, "src_ip": "192.168.61.142", "dest_ip": "175.24.252.168", "src_port": 49837, "dest_port": 443, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:30:03.189] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:37:59.000] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24895 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.9.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.9.1765435059.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=edd88291b34a0fb1013edf6f61811668c7f928c4474fc65c944488ee36d5048c&X-Amz-Expires=604800&X-Amz-Date=20251211T063758Z&X-Amz-SignedHeaders=host"} [2025-12-11 14:37:59.000] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:37:59.000] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:37:59.001] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:37:59.001] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:37:59.001] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:37:59.002] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:37:59.779] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.9.1765435059.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765463879778, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059675191, "etime": 1765435059675191, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26915, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059676649, "etime": 1765435059676649, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26942, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662663, "etime": 1765435059662663, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49266, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059664362, "etime": 1765435059664362, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49286, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059449916, "etime": 1765435059449916, "src_ip": "114.250.70.34", "dest_ip": "192.168.253.128", "src_port": 443, "dest_port": 1599, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421311, "etime": 1765435059421311, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49814, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059424087, "etime": 1765435059424087, "src_ip": "13.107.246.50", "dest_ip": "192.168.9.236", "src_port": 443, "dest_port": 49685, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059665825, "etime": 1765435059665825, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49307, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059565189, "etime": 1765435059565189, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2067, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059611346, "etime": 1765435059611346, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2156, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:37:59.779] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25328 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.11.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.11.1765435059.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=890ff819f5a0ab63306666a7c691d914ca2b84b3fea98455fcafaf7eed8212fb&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T063759Z"} [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:37:59.779] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:38:00.219] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.11.1765435059.jsonl|result:{"code": 0, "total_count": 6, "abnormal_count": 0, "normal_count": 6, "alert_count": 0, "timestamp": 1765463880219, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059670848, "etime": 1765435059670848, "src_ip": "192.168.253.131", "dest_ip": "175.174.26.113", "src_port": 26905, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421461, "etime": 1765435059421461, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49820, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059423135, "etime": 1765435059423135, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49824, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059424800, "etime": 1765435059424800, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49842, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059656789, "etime": 1765435059656789, "src_ip": "27.221.30.148", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 3103, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662476, "etime": 1765435059662476, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49314, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:38:00.219] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:38:00.220] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24896 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.23.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.23.1765435059.jsonl?X-Amz-Date=20251211T063800Z&X-Amz-SignedHeaders=host&X-Amz-Signature=244ec85dd3e323b1f42691d5f2cdb058adb072ded0d0ee02264aa6eeea5f484f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-11 14:38:00.220] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:38:00.220] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:38:00.220] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:38:00.220] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:38:00.220] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:38:00.220] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:38:00.582] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.23.1765435059.jsonl|result:{"code": 0, "total_count": 5, "abnormal_count": 0, "normal_count": 5, "alert_count": 0, "timestamp": 1765463880582, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059507477, "etime": 1765435059507477, "src_ip": "13.107.246.50", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49714, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662253, "etime": 1765435059662253, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49310, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421978, "etime": 1765435059421978, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49829, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059565165, "etime": 1765435059565165, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2064, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059675653, "etime": 1765435059675653, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26939, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:38:00.582] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:38:00.631] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25329 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.3.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.3.1765435059.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6c14d59761eadf2ca8e44d35fbd6b1e21125eb993f5e5e5a96bb5de5d99e2a5c&X-Amz-Date=20251211T063800Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 14:38:00.631] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:38:00.631] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:38:00.631] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:38:00.631] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:38:00.631] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:38:00.631] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:38:00.776] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.3.1765435059.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765463880776, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059662401, "etime": 1765435059662401, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49258, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059565535, "etime": 1765435059565535, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2069, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:38:00.776] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:38:01.173] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25330 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.19.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.19.1765435059.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=87490e03cfda260bef2e7d6da88e7028ff0e8f7bcc2ad2f82ba4d715bb016162&X-Amz-Date=20251211T063801Z"} [2025-12-11 14:38:01.173] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:38:01.173] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:38:01.174] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:38:01.174] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:38:01.174] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:38:01.174] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:38:01.765] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.19.1765435059.jsonl|result:{"code": 0, "total_count": 8, "abnormal_count": 0, "normal_count": 8, "alert_count": 0, "timestamp": 1765463881764, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059674581, "etime": 1765435059674581, "src_ip": "119.188.123.171", "dest_ip": "192.168.253.128", "src_port": 443, "dest_port": 9472, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662147, "etime": 1765435059662147, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49297, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059673262, "etime": 1765435059673262, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26941, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059663449, "etime": 1765435059663449, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49304, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421732, "etime": 1765435059421732, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49781, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059565474, "etime": 1765435059565474, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2062, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059671781, "etime": 1765435059671781, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26932, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059664957, "etime": 1765435059664957, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49316, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 14:38:01.765] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26574 key: NULL payload: {"bucket":"2025-12-11","object":"14/output/cnn/alert.pcap.5.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/14/output/cnn/alert.pcap.5.1765435059.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251211T063801Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d8dff981f4e3e0763a5d995307ff93a3d40f508a3184ace3de33872480646d02"} [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 14:38:01.765] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 14:38:02.201] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:14/output/cnn/alert.pcap.5.1765435059.jsonl|result:{"code": 0, "total_count": 6, "abnormal_count": 0, "normal_count": 6, "alert_count": 0, "timestamp": 1765463882200, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059424684, "etime": 1765435059424684, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49903, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059670322, "etime": 1765435059670322, "src_ip": "192.168.253.131", "dest_ip": "175.174.26.113", "src_port": 26906, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059573840, "etime": 1765435059573840, "src_ip": "116.117.158.42", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2102, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059670655, "etime": 1765435059670655, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26908, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421488, "etime": 1765435059421488, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49817, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059423288, "etime": 1765435059423288, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49882, "protocol": "tls", "result": "Normal"}]} [2025-12-11 14:38:02.201] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 15:38:44.970] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25331 key: NULL payload: {"bucket":"2025-12-11","object":"15/output/cnn/alert.pcap.11.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/15/output/cnn/alert.pcap.11.1765435059.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251211T073844Z&X-Amz-Signature=2a3d89679928082eb6e3a20230df71ec2a5388eec45643b3b77c286d0c93e344&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 15:38:44.970] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 15:38:44.970] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 15:38:44.971] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 15:38:44.971] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 15:38:44.971] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 15:38:44.971] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 15:38:45.462] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:15/output/cnn/alert.pcap.11.1765435059.jsonl|result:{"code": 0, "total_count": 6, "abnormal_count": 0, "normal_count": 6, "alert_count": 0, "timestamp": 1765467525462, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059662476, "etime": 1765435059662476, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49314, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059423135, "etime": 1765435059423135, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49824, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059656789, "etime": 1765435059656789, "src_ip": "27.221.30.148", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 3103, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059424800, "etime": 1765435059424800, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49842, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059670848, "etime": 1765435059670848, "src_ip": "192.168.253.131", "dest_ip": "175.174.26.113", "src_port": 26905, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421461, "etime": 1765435059421461, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49820, "protocol": "tls", "result": "Normal"}]} [2025-12-11 15:38:45.463] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 15:41:59.978] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[0] at offset 25332 key: NULL payload: {"bucket":"2025-12-11","object":"15/output/cnn/alert.pcap.19.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/15/output/cnn/alert.pcap.19.1765435059.jsonl?X-Amz-Expires=604800&X-Amz-Signature=53ff84dfe5428ddc1581debb3f0717005ca0958f5cc5616d5a992b7a0338edc8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T074159Z"} [2025-12-11 15:41:59.978] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 15:41:59.978] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 15:41:59.978] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 15:41:59.978] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 15:41:59.978] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 15:41:59.979] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 15:42:00.607] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:15/output/cnn/alert.pcap.19.1765435059.jsonl|result:{"code": 0, "total_count": 8, "abnormal_count": 0, "normal_count": 8, "alert_count": 0, "timestamp": 1765467720606, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059565474, "etime": 1765435059565474, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2062, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059674581, "etime": 1765435059674581, "src_ip": "119.188.123.171", "dest_ip": "192.168.253.128", "src_port": 443, "dest_port": 9472, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059664957, "etime": 1765435059664957, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49316, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059673262, "etime": 1765435059673262, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26941, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421732, "etime": 1765435059421732, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49781, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662147, "etime": 1765435059662147, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49297, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059671781, "etime": 1765435059671781, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26932, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059663449, "etime": 1765435059663449, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49304, "protocol": "tls", "result": "Normal"}]} [2025-12-11 15:42:00.607] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 15:42:03.084] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24897 key: NULL payload: {"bucket":"2025-12-11","object":"15/output/cnn/alert.pcap.23.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/15/output/cnn/alert.pcap.23.1765435059.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4aae729b4be53d1112dbfcdbdf9d02dd039322388bdbc086caaa7a9e99702915&X-Amz-Date=20251211T074202Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-11 15:42:03.084] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 15:42:03.084] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 15:42:03.084] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 15:42:03.084] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 15:42:03.084] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 15:42:03.085] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 15:42:03.479] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:15/output/cnn/alert.pcap.23.1765435059.jsonl|result:{"code": 0, "total_count": 5, "abnormal_count": 0, "normal_count": 5, "alert_count": 0, "timestamp": 1765467723478, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059565165, "etime": 1765435059565165, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2064, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059675653, "etime": 1765435059675653, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26939, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662253, "etime": 1765435059662253, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49310, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421978, "etime": 1765435059421978, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49829, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059507477, "etime": 1765435059507477, "src_ip": "13.107.246.50", "dest_ip": "192.168.9.224", "src_port": 443, "dest_port": 49714, "protocol": "tls", "result": "Normal"}]} [2025-12-11 15:42:03.479] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 15:42:06.187] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24898 key: NULL payload: {"bucket":"2025-12-11","object":"15/output/cnn/alert.pcap.3.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/15/output/cnn/alert.pcap.3.1765435059.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f999901109bde4339ba99c376f56e61290746af46bc927de453f183635868bd3&X-Amz-Date=20251211T074205Z"} [2025-12-11 15:42:06.187] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 15:42:06.187] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 15:42:06.188] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 15:42:06.188] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 15:42:06.188] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 15:42:06.189] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 15:42:06.355] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:15/output/cnn/alert.pcap.3.1765435059.jsonl|result:{"code": 0, "total_count": 2, "abnormal_count": 0, "normal_count": 2, "alert_count": 0, "timestamp": 1765467726354, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059565535, "etime": 1765435059565535, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2069, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662401, "etime": 1765435059662401, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49258, "protocol": "tls", "result": "Normal"}]} [2025-12-11 15:42:06.355] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 15:42:09.292] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[1] at offset 26575 key: NULL payload: {"bucket":"2025-12-11","object":"15/output/cnn/alert.pcap.5.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/15/output/cnn/alert.pcap.5.1765435059.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5ba9c8b50bbfa86a504473f5a9529c85b31592b638dbc0280194059931f07c48&X-Amz-Date=20251211T074208Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-11 15:42:09.292] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 15:42:09.292] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 15:42:09.292] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 15:42:09.292] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 15:42:09.292] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 15:42:09.293] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 15:42:09.743] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:15/output/cnn/alert.pcap.5.1765435059.jsonl|result:{"code": 0, "total_count": 6, "abnormal_count": 0, "normal_count": 6, "alert_count": 0, "timestamp": 1765467729742, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059423288, "etime": 1765435059423288, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49882, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059573840, "etime": 1765435059573840, "src_ip": "116.117.158.42", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2102, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059670322, "etime": 1765435059670322, "src_ip": "192.168.253.131", "dest_ip": "175.174.26.113", "src_port": 26906, "dest_port": 443, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421488, "etime": 1765435059421488, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49817, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059670655, "etime": 1765435059670655, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26908, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059424684, "etime": 1765435059424684, "src_ip": "179.43.151.13", "dest_ip": "192.168.85.128", "src_port": 443, "dest_port": 49903, "protocol": "tls", "result": "Normal"}]} [2025-12-11 15:42:09.743] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000 [2025-12-11 15:42:12.395] [DEBUG] [tid:138035844867776] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_cnn partition:[2] at offset 24899 key: NULL payload: {"bucket":"2025-12-11","object":"15/output/cnn/alert.pcap.9.1765435059.jsonl","url":"http://111.32.12.11:9000/2025-12-11/15/output/cnn/alert.pcap.9.1765435059.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251211T074212Z&X-Amz-Signature=463c64d792e1ecf012f755fe2f1fe76af1109a326ef62348f051a3bea2301c8e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-11 15:42:12.395] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:259) process model: 0 [2025-12-11 15:42:12.395] [INFO] [tid:138035844867776] (AiModule.cpp:10) load so_code_cnn.so lib [2025-12-11 15:42:12.396] [INFO] [tid:138035844867776] (AiModule.cpp:12) load so module so_code_cnn [2025-12-11 15:42:12.396] [INFO] [tid:138035844867776] (AiModule.cpp:20) get func load [2025-12-11 15:42:12.396] [INFO] [tid:138035844867776] (AiModule.cpp:29) prepare args for load [2025-12-11 15:42:12.397] [INFO] [tid:138035844867776] (AiModule.cpp:39) load result:0 [2025-12-11 15:42:13.172] [DEBUG] [tid:138035844867776] (AiModule.cpp:93) bucket:2025-12-11|object:15/output/cnn/alert.pcap.9.1765435059.jsonl|result:{"code": 0, "total_count": 10, "abnormal_count": 0, "normal_count": 10, "alert_count": 0, "timestamp": 1765467733172, "module": "anquanchu", "alerted": false, "proto": "tls", "details": [{"stime": 1765435059675191, "etime": 1765435059675191, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26915, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059565189, "etime": 1765435059565189, "src_ip": "121.22.230.92", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2067, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059665825, "etime": 1765435059665825, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49307, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059662663, "etime": 1765435059662663, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49266, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059611346, "etime": 1765435059611346, "src_ip": "211.95.50.13", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 2156, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059664362, "etime": 1765435059664362, "src_ip": "119.188.43.189", "dest_ip": "192.168.13.129", "src_port": 443, "dest_port": 49286, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059449916, "etime": 1765435059449916, "src_ip": "114.250.70.34", "dest_ip": "192.168.253.128", "src_port": 443, "dest_port": 1599, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059424087, "etime": 1765435059424087, "src_ip": "13.107.246.50", "dest_ip": "192.168.9.236", "src_port": 443, "dest_port": 49685, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059421311, "etime": 1765435059421311, "src_ip": "175.24.252.168", "dest_ip": "192.168.61.142", "src_port": 443, "dest_port": 49814, "protocol": "tls", "result": "Normal"}, {"stime": 1765435059676649, "etime": 1765435059676649, "src_ip": "175.174.26.113", "dest_ip": "192.168.253.131", "src_port": 443, "dest_port": 26942, "protocol": "tls", "result": "Normal"}]} [2025-12-11 15:42:13.172] [INFO] [tid:138035844867776] (KafkaConsumer.cpp:267) cnn alert_count: 0|max_alert: 1000